authorRob Crittenden <rcritten@redhat.com>2008-04-28 15:28:13 -0400
committerRob Crittenden <rcritten@redhat.com>2008-04-30 09:44:48 -0400
commit274eb708c28abf25087c3656ec93370c2000efd3 (patch)
tree8b7bde0d3b14ebfcbab0b6aa55e44799630e5d54
parent306d8241b3c635fe9d0c9a92166066463dda1b8c (diff)
Fix ownership of the Apache NSS cert and key databases.
The group "apache" needs to have read access to them so they will work in Fedora 9+.
-rw-r--r--ipa-server/ipaserver/httpinstance.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
index a55cf255..c5f8b50f 100644
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -160,6 +160,16 @@ class HTTPInstance(service.Service):
ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca)
+ # Fix the database permissions
+ os.chmod(NSS_DIR + "/cert8.db", 0640)
+ os.chmod(NSS_DIR + "/key3.db", 0640)
+ os.chmod(NSS_DIR + "/secmod.db", 0640)
+
+ pent = pwd.getpwnam("apache")
+ os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid )
+ os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid )
+ os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
+
def __setup_autoconfig(self):
prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
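Review bot: The gid passed to the three `os.chown` calls comes from `pwd.getpwnam("apache")`, which is the primary group of the user apache, while the commit description says it is the group apache that needs read access. The two usually coincide, but nothing in the hunk guarantees it, and `key3.db` holds the server's private key, so the group that gains read access should be named explicitly: `apache_gid = grp.getgrnam("apache").gr_gid`. Either lookup raises `KeyError` when the account does not exist, so a short comment or a caught exception with a clear message would help whoever hits it. The imports are not visible here, so confirm that `pwd` (or `grp`) is imported at the top of the file. The enclosing method starts above the hunk.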