diff options
author | Martin Basti <mbasti@redhat.com> | 2015-12-09 13:40:04 +0100 |
---|---|---|
committer | Tomas Babej <tbabej@redhat.com> | 2015-12-14 14:57:26 +0100 |
commit | 4272ba40ea909b1f783a6fada5b1eebb6efbdf93 (patch) | |
tree | e02fbd38e71f71a4848a62cf761cbfe1b964d192 | |
parent | 5e2cd38ab998230aa81cd07196edfba2b62cb58d (diff) | |
download | freeipa-4272ba40ea909b1f783a6fada5b1eebb6efbdf93.tar.gz freeipa-4272ba40ea909b1f783a6fada5b1eebb6efbdf93.tar.xz freeipa-4272ba40ea909b1f783a6fada5b1eebb6efbdf93.zip |
Explicitly call chmod on newly created directories
Without calling os.chmod(), umask is effective and may cause that
directory is created with permission that causes failure.
This can be related to https://fedorahosted.org/freeipa/ticket/5520
Reviewed-By: Tomas Babej <tbabej@redhat.com>
-rw-r--r-- | ipaplatform/base/services.py | 1 | ||||
-rw-r--r-- | ipaserver/install/cainstance.py | 1 | ||||
-rw-r--r-- | ipaserver/install/ipa_backup.py | 7 | ||||
-rw-r--r-- | ipaserver/install/ipa_replica_prepare.py | 3 | ||||
-rw-r--r-- | ipaserver/install/ipa_restore.py | 10 |
5 files changed, 14 insertions, 8 deletions
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py index 06224ff09..41b9654c9 100644 --- a/ipaplatform/base/services.py +++ b/ipaplatform/base/services.py @@ -420,6 +420,7 @@ class SystemdService(PlatformService): try: if not ipautil.dir_exists(srv_tgt): os.mkdir(srv_tgt) + os.mkdir(srv_tgt, 0o755) if os.path.exists(srv_lnk): # Remove old link os.unlink(srv_lnk) diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py index 8378aea47..736af7c38 100644 --- a/ipaserver/install/cainstance.py +++ b/ipaserver/install/cainstance.py @@ -800,6 +800,7 @@ class CAInstance(DogtagInstance): if not ipautil.dir_exists(self.ra_agent_db): os.mkdir(self.ra_agent_db) + os.chmod(self.ra_agent_db, 0o755) # Create the password file for this db hex_str = binascii.hexlify(os.urandom(10)) diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py index d19312876..8e9b258bf 100644 --- a/ipaserver/install/ipa_backup.py +++ b/ipaserver/install/ipa_backup.py @@ -271,8 +271,8 @@ class Backup(admintool.AdminTool): os.chown(self.top_dir, pent.pw_uid, pent.pw_gid) os.chmod(self.top_dir, 0o750) self.dir = os.path.join(self.top_dir, "ipa") - os.mkdir(self.dir, 0o750) - + os.mkdir(self.dir) + os.chmod(self.dir, 0o750) os.chown(self.dir, pent.pw_uid, pent.pw_gid) self.header = os.path.join(self.top_dir, 'header') @@ -588,7 +588,8 @@ class Backup(admintool.AdminTool): backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S')) filename = os.path.join(backup_dir, "ipa-full.tar") - os.mkdir(backup_dir, 0o700) + os.mkdir(backup_dir) + os.chmod(backup_dir, 0o700) cwd = os.getcwd() os.chdir(self.dir) diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py index c1bce693b..cef0228ea 100644 --- a/ipaserver/install/ipa_replica_prepare.py +++ b/ipaserver/install/ipa_replica_prepare.py @@ -361,7 +361,8 @@ class ReplicaPrepare(admintool.AdminTool): self.top_dir = tempfile.mkdtemp("ipa") self.dir = os.path.join(self.top_dir, "realm_info") - os.mkdir(self.dir, 0o700) + os.mkdir(self.dir) + os.chmod(self.dir, 0o700) try: self.copy_ds_certificate() diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index cfa1fdccf..dd8de209a 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -303,8 +303,8 @@ class Restore(admintool.AdminTool): os.chown(self.top_dir, pent.pw_uid, pent.pw_gid) os.chmod(self.top_dir, 0o750) self.dir = os.path.join(self.top_dir, "ipa") - os.mkdir(self.dir, 0o750) - + os.mkdir(self.dir) + os.chmod(self.dir, 0o750) os.chown(self.dir, pent.pw_uid, pent.pw_gid) cwd = os.getcwd() @@ -534,7 +534,8 @@ class Restore(admintool.AdminTool): if not os.path.exists(ldifdir): pent = pwd.getpwnam(DS_USER) - os.mkdir(ldifdir, 0o770) + os.mkdir(ldifdir) + os.chmod(ldifdir, 0o770) os.chown(ldifdir, pent.pw_uid, pent.pw_gid) ipautil.backup_file(ldiffile) @@ -791,7 +792,8 @@ class Restore(admintool.AdminTool): for dir in dirs: try: self.log.debug('Creating %s' % dir) - os.mkdir(dir, 0o770) + os.mkdir(dir) + os.chmod(dir, 0o770) os.chown(dir, pent.pw_uid, pent.pw_gid) tasks.restore_context(dir) except Exception as e: |