Fix permissions in installers

Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644
author: Martin Kosek <mkosek@redhat.com> 2011-08-30 16:32:40 +0200
committer: Martin Kosek <mkosek@redhat.com> 2011-09-07 13:02:43 +0200
commit: d0ce604b4d69d7f6fa5e0bb81647f839abd6291d (patch)
tree: e26f64ecdf6335410fe588eb8601a522943aeed8 /install/tools
parent: 95beb84464b59813c050aa87fb39aea5a0bf6c39 (diff)
download: freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.gz
freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.xz
freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.zip
1 files changed, 17 insertions, 17 deletions
diff --git a/install/tools/ipa-server-install b/install/tools/ipa-server-install
index cb51b1daf..0572d4f26 100755
--- a/install/tools/ipa-server-install
+++ b/install/tools/ipa-server-install
@@ -820,23 +820,23 @@ def main():
     logging.debug("will use dns_forwarders: %s\n" % str(dns_forwarders))
 
     # Create the management framework config file and finalize api
-    old_umask = os.umask(022)   # must be readable for httpd
-    try:
-        fd = open("/etc/ipa/default.conf", "w")
-        fd.write("[global]\n")
-        fd.write("host=" + host_name + "\n")
-        fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
-        fd.write("realm=" + realm_name + "\n")
-        fd.write("domain=" + domain_name + "\n")
-        fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
-        fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
-        fd.write("enable_ra=True\n")
-        if not options.selfsign:
-            fd.write("ra_plugin=dogtag\n")
-        fd.write("mode=production\n")
-        fd.close()
-    finally:
-        os.umask(old_umask)
+    target_fname = '/etc/ipa/default.conf'
+    fd = open(target_fname, "w")
+    fd.write("[global]\n")
+    fd.write("host=" + host_name + "\n")
+    fd.write("basedn=" + util.realm_to_suffix(realm_name) + "\n")
+    fd.write("realm=" + realm_name + "\n")
+    fd.write("domain=" + domain_name + "\n")
+    fd.write("xmlrpc_uri=https://%s/ipa/xml\n" % host_name)
+    fd.write("ldap_uri=ldapi://%%2fvar%%2frun%%2fslapd-%s.socket\n" % dsinstance.realm_to_serverid(realm_name))
+    fd.write("enable_ra=True\n")
+    if not options.selfsign:
+        fd.write("ra_plugin=dogtag\n")
+    fd.write("mode=production\n")
+    fd.close()
+
+    # Must be readable for everyone
+    os.chmod(target_fname, 0644)
 
     api.bootstrap(**cfg)
     api.finalize()
author	Martin Kosek <mkosek@redhat.com>	2011-08-30 16:32:40 +0200
committer	Martin Kosek <mkosek@redhat.com>	2011-09-07 13:02:43 +0200
commit	d0ce604b4d69d7f6fa5e0bb81647f839abd6291d (patch)
tree	e26f64ecdf6335410fe588eb8601a522943aeed8 /install/tools
parent	95beb84464b59813c050aa87fb39aea5a0bf6c39 (diff)
download	freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.gz freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.tar.xz freeipa-d0ce604b4d69d7f6fa5e0bb81647f839abd6291d.zip