authorRob Crittenden <rcritten@redhat.com>2008-04-28 15:28:13 -0400
committerRob Crittenden <rcritten@redhat.com>2008-04-30 09:43:45 -0400
commit3bbad0704d747b64ba69e0076f21e1aaba80963e (patch)
tree8b7bde0d3b14ebfcbab0b6aa55e44799630e5d54 /ipa-server/ipaserver
parent71f9d0169b8c0d7082fb65a59d59daba9f448aa6 (diff)
Fix ownership of the Apache NSS cert and key databases.
The group "apache" needs to have read access to them so they will work in Fedora 9+.
Diffstat (limited to 'ipa-server/ipaserver')
-rw-r--r--ipa-server/ipaserver/httpinstance.py10
1 files changed, 10 insertions, 0 deletions
diff --git a/ipa-server/ipaserver/httpinstance.py b/ipa-server/ipaserver/httpinstance.py
index a55cf255..c5f8b50f 100644
--- a/ipa-server/ipaserver/httpinstance.py
+++ b/ipa-server/ipaserver/httpinstance.py
@@ -160,6 +160,16 @@ class HTTPInstance(service.Service):
ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca)
+ # Fix the database permissions
+ os.chmod(NSS_DIR + "/cert8.db", 0640)
+ os.chmod(NSS_DIR + "/key3.db", 0640)
+ os.chmod(NSS_DIR + "/secmod.db", 0640)
+
+ pent = pwd.getpwnam("apache")
+ os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid )
+ os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid )
+ os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
+
def __setup_autoconfig(self):
prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")
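Review bot: The three `os.chmod(..., 0640)` calls run before `pwd.getpwnam("apache")` and the `os.chown` calls, so key3.db (the private key database) is readable by whatever group it was created with until the chown lands, and it stays that way if getpwnam raises KeyError because the apache account is missing. Resolving the gid first and doing chown before chmod for each file closes that window, and a loop over the three names removes the repeated path building. The lookup takes the apache user's primary gid, which is the "apache" group named in the commit message only when the two coincide; `grp.getgrnam("apache").gr_gid` would name the group directly, provided `grp` is imported. The enclosing method starts above the hunk and no `import pwd` is visible here, so confirm the module already imports it.

```python
# … unchanged: server and signing cert creation …
pent = pwd.getpwnam("apache")
for dbfile in ("cert8.db", "key3.db", "secmod.db"):
    path = NSS_DIR + "/" + dbfile
    # Set the group first so 0640 never applies to the creating group
    os.chown(path, 0, pent.pw_gid)
    os.chmod(path, 0640)
```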