Diffstat (limited to 'install')
-rwxr-xr-xinstall/tools/ipa-replica-install28
-rwxr-xr-xinstall/tools/ipa-server-install28
-rw-r--r--install/tools/ipa-upgradeconfig6
3 files changed, 37 insertions, 25 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install
index c39d992d..16f84956 100755
--- a/install/tools/ipa-replica-install
+++ b/install/tools/ipa-replica-install
@@ -443,18 +443,22 @@ def main():
# Create the management framework config file
# Note: We must do this before bootstraping and finalizing ipalib.api
- fd = open("/etc/ipa/default.conf", "w")
- fd.write("[global]\n")
- fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
- fd.write("realm=" + config.realm_name + "\n")
- fd.write("domain=" + config.domain_name + "\n")
- fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name)
- fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
- if ipautil.file_exists(config.dir + "/cacert.p12"):
- fd.write("enable_ra=True\n")
- fd.write("ra_plugin=dogtag\n")
- fd.write("mode=production\n")
- fd.close()
+ old_umask = os.umask(022) # must be readable for httpd
+ try:
+ fd = open("/etc/ipa/default.conf", "w")
+ fd.write("[global]\n")
+ fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n")
+ fd.write("realm=" + config.realm_name + "\n")
+ fd.write("domain=" + config.domain_name + "\n")
+ fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name)
+ fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name))
+ if ipautil.file_exists(config.dir + "/cacert.p12"):
+ fd.write("enable_ra=True\n")
+ fd.write("ra_plugin=dogtag\n")
+ fd.write("mode=production\n")
+ fd.close()
+ finally:
+ os.umask(old_umask)
api.bootstrap(in_server=True)
api.finalize()
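Review bot: The umask set before `open("/etc/ipa/default.conf", "w")` only applies when the file is created; if the file already exists with a tighter mode, opening it with "w" truncates it and keeps that mode, so httpd may still be unable to read it. Setting the mode explicitly after the writes, `os.chmod("/etc/ipa/default.conf", 0644)`, would make the result independent of the caller's umask and of any earlier file. The same applies to the matching hunk in ipa-server-install. Separately, `fd.close()` sits in the try body, so a failed write leaves the descriptor open until the process exits; closing it in the `finally` would avoid that. main() starts and ends outside the hunk.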
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index 7c81dbec..019dfb1a 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -676,18 +676,22 @@ def main():
logging.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
# Create the management framework config file and finalize api
- fd = open("/etc/ipa/default.conf", "w")
- fd.write("[global]\n")
- fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
- fd.write("realm=" + realm_name + "\n")
- fd.write("domain=" + domain_name + "\n")
- fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
- fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
- fd.write("enable_ra=True\n")
- if not options.selfsign:
- fd.write("ra_plugin=dogtag\n")
- fd.write("mode=production\n")
- fd.close()
+ old_umask = os.umask(022) # must be readable for httpd
+ try:
+ fd = open("/etc/ipa/default.conf", "w")
+ fd.write("[global]\n")
+ fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
+ fd.write("realm=" + realm_name + "\n")
+ fd.write("domain=" + domain_name + "\n")
+ fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
+ fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
+ fd.write("enable_ra=True\n")
+ if not options.selfsign:
+ fd.write("ra_plugin=dogtag\n")
+ fd.write("mode=production\n")
+ fd.close()
+ finally:
+ os.umask(old_umask)
api.bootstrap(**cfg)
api.finalize()
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig
index 0c8d7fcd..4ac30928 100644
--- a/install/tools/ipa-upgradeconfig
+++ b/install/tools/ipa-upgradeconfig
@@ -114,7 +114,11 @@ def check_certs():
if not os.path.exists("/usr/share/ipa/html/ca.crt"):
ca_file = "/etc/httpd/alias/cacert.asc"
if os.path.exists(ca_file):
- shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
+ old_umask = os.umask(022) # make sure its readable by httpd
+ try:
+ shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt")
+ finally:
+ os.umask(old_umask)
else:
print "Missing Certification Authority file."
print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt"
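Review bot: The new umask handling only runs when `/usr/share/ipa/html/ca.crt` is missing, so a copy created by an earlier run under a restrictive umask would keep its unreadable mode after the upgrade. Since this is the upgrade path, an explicit `os.chmod("/usr/share/ipa/html/ca.crt", 0644)` when the file already exists would repair those installs as well. check_certs() starts above the hunk, so any such handling elsewhere in the function is not visible here.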