authorMartin Basti <mbasti@redhat.com>2015-12-09 13:40:04 +0100
committerTomas Babej <tbabej@redhat.com>2015-12-14 14:57:26 +0100
commit4272ba40ea909b1f783a6fada5b1eebb6efbdf93 (patch)
treee02fbd38e71f71a4848a62cf761cbfe1b964d192
parent5e2cd38ab998230aa81cd07196edfba2b62cb58d (diff)
Explicitly call chmod on newly created directories
Without calling os.chmod(), the umask is effective and may cause the directory to be created with permissions that cause a failure. This can be related to https://fedorahosted.org/freeipa/ticket/5520 Reviewed-By: Tomas Babej <tbabej@redhat.com>
-rw-r--r--ipaplatform/base/services.py1
-rw-r--r--ipaserver/install/cainstance.py1
-rw-r--r--ipaserver/install/ipa_backup.py7
-rw-r--r--ipaserver/install/ipa_replica_prepare.py3
-rw-r--r--ipaserver/install/ipa_restore.py10
5 files changed, 14 insertions, 8 deletions
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
index 06224ff09..41b9654c9 100644
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
@@ -420,6 +420,7 @@ class SystemdService(PlatformService):
try:
if not ipautil.dir_exists(srv_tgt):
os.mkdir(srv_tgt)
+ os.mkdir(srv_tgt, 0o755)
if os.path.exists(srv_lnk):
# Remove old link
os.unlink(srv_lnk)
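Review bot: The added line under `if not ipautil.dir_exists(srv_tgt):` calls `os.mkdir(srv_tgt, 0o755)` a second time instead of `os.chmod`, so it runs right after `os.mkdir(srv_tgt)` has created the directory. That second call raises OSError because the directory already exists, and the mode is never set explicitly, so the umask problem the commit describes remains for this path. It should read `os.chmod(srv_tgt, 0o755)`, matching the other files in this commit. The enclosing `try` continues outside the hunk, so how the error is handled (or swallowed) is not visible here.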
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index 8378aea47..736af7c38 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -800,6 +800,7 @@ class CAInstance(DogtagInstance):
if not ipautil.dir_exists(self.ra_agent_db):
os.mkdir(self.ra_agent_db)
+ os.chmod(self.ra_agent_db, 0o755)
# Create the password file for this db
hex_str = binascii.hexlify(os.urandom(10))
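Review bot: `os.chmod(self.ra_agent_db, 0o755)` makes the RA agent database directory listable and traversable by every local user, and the lines that follow create the password file for that database inside it. The modes of the password file and the database files are set outside this hunk, so it should be confirmed that they are created owner-only and do not rely on the directory for protection. If world access to the directory is really required, record the reason next to the call, e.g. `# 0o755: <which account needs to traverse this directory and why>`.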
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index d19312876..8e9b258bf 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -271,8 +271,8 @@ class Backup(admintool.AdminTool):
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
os.chmod(self.top_dir, 0o750)
self.dir = os.path.join(self.top_dir, "ipa")
- os.mkdir(self.dir, 0o750)
-
+ os.mkdir(self.dir)
+ os.chmod(self.dir, 0o750)
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
self.header = os.path.join(self.top_dir, 'header')
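Review bot: Dropping the mode argument from `os.mkdir(self.dir)` means the directory exists with `0o777 & ~umask` until the following `os.chmod` runs, so under a permissive umask it is briefly wider than the intended `0o750`. Keeping the restrictive mode at creation and then setting it exactly closes that window while still fixing the umask problem: `os.mkdir(self.dir, 0o750)` followed by `os.chmod(self.dir, 0o750)`. The same pattern appears for `backup_dir` in the second hunk of this file, for `self.dir` in ipa_replica_prepare.py, and for the three `os.mkdir` calls in ipa_restore.py. The exposure is small where the parent is already restricted (here `self.top_dir` is set to `0o750` just above), but the parents of the `0o770` directories in ipa_restore.py are not visible in these hunks.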
@@ -588,7 +588,8 @@ class Backup(admintool.AdminTool):
backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
filename = os.path.join(backup_dir, "ipa-full.tar")
- os.mkdir(backup_dir, 0o700)
+ os.mkdir(backup_dir)
+ os.chmod(backup_dir, 0o700)
cwd = os.getcwd()
os.chdir(self.dir)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index c1bce693b..cef0228ea 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -361,7 +361,8 @@ class ReplicaPrepare(admintool.AdminTool):
self.top_dir = tempfile.mkdtemp("ipa")
self.dir = os.path.join(self.top_dir, "realm_info")
- os.mkdir(self.dir, 0o700)
+ os.mkdir(self.dir)
+ os.chmod(self.dir, 0o700)
try:
self.copy_ds_certificate()
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index cfa1fdccf..dd8de209a 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -303,8 +303,8 @@ class Restore(admintool.AdminTool):
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
os.chmod(self.top_dir, 0o750)
self.dir = os.path.join(self.top_dir, "ipa")
- os.mkdir(self.dir, 0o750)
-
+ os.mkdir(self.dir)
+ os.chmod(self.dir, 0o750)
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
cwd = os.getcwd()
@@ -534,7 +534,8 @@ class Restore(admintool.AdminTool):
if not os.path.exists(ldifdir):
pent = pwd.getpwnam(DS_USER)
- os.mkdir(ldifdir, 0o770)
+ os.mkdir(ldifdir)
+ os.chmod(ldifdir, 0o770)
os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
ipautil.backup_file(ldiffile)
@@ -791,7 +792,8 @@ class Restore(admintool.AdminTool):
for dir in dirs:
try:
self.log.debug('Creating %s' % dir)
- os.mkdir(dir, 0o770)
+ os.mkdir(dir)
+ os.chmod(dir, 0o770)
os.chown(dir, pent.pw_uid, pent.pw_gid)
tasks.restore_context(dir)
except Exception as e: