diff options
Diffstat (limited to 'install')
-rwxr-xr-x | install/tools/ipa-replica-install | 28 | ||||
-rwxr-xr-x | install/tools/ipa-server-install | 28 | ||||
-rw-r--r-- | install/tools/ipa-upgradeconfig | 6 |
3 files changed, 37 insertions, 25 deletions
diff --git a/install/tools/ipa-replica-install b/install/tools/ipa-replica-install index c39d992d..16f84956 100755 --- a/install/tools/ipa-replica-install +++ b/install/tools/ipa-replica-install @@ -443,18 +443,22 @@ def main(): # Create the management framework config file # Note: We must do this before bootstraping and finalizing ipalib.api - fd = open("/etc/ipa/default.conf", "w") - fd.write("[global]\n") - fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") - fd.write("realm=" + config.realm_name + "\n") - fd.write("domain=" + config.domain_name + "\n") - fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name) - fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) - if ipautil.file_exists(config.dir + "/cacert.p12"): - fd.write("enable_ra=True\n") - fd.write("ra_plugin=dogtag\n") - fd.write("mode=production\n") - fd.close() + old_umask = os.umask(022) # must be readable for httpd + try: + fd = open("/etc/ipa/default.conf", "w") + fd.write("[global]\n") + fd.write("basedn=" + util.realm_to_suffix(config.realm_name) + "\n") + fd.write("realm=" + config.realm_name + "\n") + fd.write("domain=" + config.domain_name + "\n") + fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % config.host_name) + fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(config.realm_name)) + if ipautil.file_exists(config.dir + "/cacert.p12"): + fd.write("enable_ra=True\n") + fd.write("ra_plugin=dogtag\n") + fd.write("mode=production\n") + fd.close() + finally: + os.umask(old_umask) api.bootstrap(in_server=True) api.finalize() diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install index 7c81dbec..019dfb1a 100755 --- a/install/tools/ipa-server-install +++ b/install/tools/ipa-server-install @@ -676,18 +676,22 @@ def main(): logging.debug("will use dns_forwarders: %s\n" % str(dns_forwarders)) # Create the management framework config file and finalize api - fd = open("/etc/ipa/default.conf", "w") - fd.write("[global]\n") - fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n") - fd.write("realm=" + realm_name + "\n") - fd.write("domain=" + domain_name + "\n") - fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name) - fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name)) - fd.write("enable_ra=True\n") - if not options.selfsign: - fd.write("ra_plugin=dogtag\n") - fd.write("mode=production\n") - fd.close() + old_umask = os.umask(022) # must be readable for httpd + try: + fd = open("/etc/ipa/default.conf", "w") + fd.write("[global]\n") + fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n") + fd.write("realm=" + realm_name + "\n") + fd.write("domain=" + domain_name + "\n") + fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name) + fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name)) + fd.write("enable_ra=True\n") + if not options.selfsign: + fd.write("ra_plugin=dogtag\n") + fd.write("mode=production\n") + fd.close() + finally: + os.umask(old_umask) api.bootstrap(**cfg) api.finalize() diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 0c8d7fcd..4ac30928 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -114,7 +114,11 @@ def check_certs(): if not os.path.exists("/usr/share/ipa/html/ca.crt"): ca_file = "/etc/httpd/alias/cacert.asc" if os.path.exists(ca_file): - shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") + old_umask = os.umask(022) # make sure its readable by httpd + try: + shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") + finally: + os.umask(old_umask) else: print "Missing Certification Authority file." print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt" |