diff options
author | Rob Crittenden <rcrit@ipa.greyoak.com> | 2008-07-01 09:57:46 -0400 |
---|---|---|
committer | Rob Crittenden <rcrit@ipa.greyoak.com> | 2008-07-03 15:23:03 -0400 |
commit | 8fe17d2d06f75b925b4910ace0af3648cac6f086 (patch) | |
tree | 962d589bba3860f21de7ecdec6a25f38ac40c8b9 | |
parent | b00a6f222b573d2ae4661ee28859b9517911bbdc (diff) | |
download | freeipa-8fe17d2d06f75b925b4910ace0af3648cac6f086.tar.gz freeipa-8fe17d2d06f75b925b4910ace0af3648cac6f086.tar.xz freeipa-8fe17d2d06f75b925b4910ace0af3648cac6f086.zip |
Ensure correct permissions and file ownership of Apache NSS database
451098
-rw-r--r-- | ipa-server/ipa-install/ipa-server-certinstall | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/ipa-server/ipa-install/ipa-server-certinstall b/ipa-server/ipa-install/ipa-server-certinstall index e7696270..7e089213 100644 --- a/ipa-server/ipa-install/ipa-server-certinstall +++ b/ipa-server/ipa-install/ipa-server-certinstall @@ -19,6 +19,8 @@ # import sys +import os +import pwd import traceback @@ -144,6 +146,16 @@ def main(): print server_cert set_http_cert_name(server_cert[0]) + # Fix the database permissions + os.chmod(NSS_DIR + "/cert8.db", 0640) + os.chmod(NSS_DIR + "/key3.db", 0640) + os.chmod(NSS_DIR + "/secmod.db", 0640) + + pent = pwd.getpwnam("apache") + os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid ) + os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid ) + os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid ) + except Exception, e: print "an unexpected error occurred: %s" % str(e) traceback.print_exc() |