Added file permissions option to IPAChangeConf.newConf()

Also added information about why os.chmod is called sometimes
after newConf() calls.

https://fedorahosted.org/freeipa/ticket/6392

Reviewed-By: Martin Basti <mbasti@redhat.com>

2 files changed, 5 insertions, 2 deletions

diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py
index 3334396d7..c246402b5 100644
--- a/ipaclient/install/client.py
+++ b/ipaclient/install/client.py
@@ -360,6 +360,7 @@ def configure_ipa_conf(
     target_fname = paths.IPA_DEFAULT_CONF
     fstore.backup_file(target_fname)
     ipaconf.newConf(target_fname, opts)
+    # umask applies when creating a new file but we want 0o644 here
     os.chmod(target_fname, 0o644)
 
 
@@ -746,6 +747,7 @@ def configure_krb5_conf(
     root_logger.debug("%s", krbconf.dump(opts))
 
     krbconf.newConf(filename, opts)
+    # umask applies when creating a new file but we want 0o644 here
     os.chmod(filename, 0o644)
 
 
diff --git a/ipaclient/ipachangeconf.py b/ipaclient/ipachangeconf.py
index 25473fb49..610cd5011 100644
--- a/ipaclient/ipachangeconf.py
+++ b/ipaclient/ipachangeconf.py
@@ -508,12 +508,13 @@ class IPAChangeConf(object):
                 pass
         return True
 
-    def newConf(self, file, options):
+    def newConf(self, file, options, file_perms=0o644):
         """"
         Write settings to a new file, backup the old
         :param file: path to the file
         :param options: a set of dictionaries in the form:
              {'name': 'foo', 'value': 'bar', 'action': 'set/comment'}
+        :param file_perms: number defining the new file's permissions
         """
         output = ""
         f = None
@@ -525,7 +526,7 @@ class IPAChangeConf(object):
                     # The orign file did not exist
                     pass
 
-            f = openLocked(file, 0o644)
+            f = openLocked(file, file_perms)
 
             # Trunkate
             f.seek(0)