Ensure correct permissions and file ownership of Apache NSS database

451098

1 files changed, 12 insertions, 0 deletions

diff --git a/ipa-server/ipa-install/ipa-server-certinstall b/ipa-server/ipa-install/ipa-server-certinstall
index e7696270..7e089213 100644
--- a/ipa-server/ipa-install/ipa-server-certinstall
+++ b/ipa-server/ipa-install/ipa-server-certinstall
@@ -19,6 +19,8 @@
 #
 
 import sys
+import os
+import pwd
 
 import traceback
 
@@ -144,6 +146,16 @@ def main():
             print server_cert
             set_http_cert_name(server_cert[0])
 
+            # Fix the database permissions
+            os.chmod(NSS_DIR + "/cert8.db", 0640)
+            os.chmod(NSS_DIR + "/key3.db", 0640)
+            os.chmod(NSS_DIR + "/secmod.db", 0640)
+
+            pent = pwd.getpwnam("apache")
+            os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid )
+            os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid )
+            os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
+
     except Exception, e:
         print "an unexpected error occurred: %s" % str(e)
         traceback.print_exc()