author | Jan Cholasta <jcholast@redhat.com> | 2017-02-16 10:57:14 +0100 |
---|---|---|
committer | Jan Cholasta <jcholast@redhat.com> | 2017-02-20 13:00:50 +0000 |
commit | b4fa354f500bcf3ac23ee3805f2c166c6a635b92 (patch) | |
tree | afe46ffaeb2dbc1c4bd71cb57b4fbaf69e6f75fc /ipaclient | |
parent | 6c6c68df544ac1046741d91dfdc59ef8d96b863c (diff) | |

client install: create /etc/ipa/nssdb with correct mode

The NSS database directory is created with mode 640, which causes the IPA
client to fail to connect to any IPA server, because it is unable to read
trusted CA certificates from the NSS database.

Create the directory with mode 644 to fix the issue.

https://fedorahosted.org/freeipa/ticket/5959

Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>

Diffstat (limited to 'ipaclient')
-rw-r--r-- | ipaclient/install/client.py | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/ipaclient/install/client.py b/ipaclient/install/client.py index e43ec7bb6..f951770e5 100644 --- a/ipaclient/install/client.py +++ b/ipaclient/install/client.py @@ -2284,7 +2284,7 @@ def install_check(options): def create_ipa_nssdb(): db = certdb.NSSDatabase(paths.IPA_NSSDB_DIR) - db.create_db(backup=True) + db.create_db(mode=0o755, backup=True) os.chmod(db.pwd_file, 0o600) os.chmod(os.path.join(db.secdir, 'cert8.db'), 0o644) os.chmod(os.path.join(db.secdir, 'key3.db'), 0o644) |
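
Review bot: In create_ipa_nssdb() the new call passes mode=0o755, while the commit message says the directory was created with mode 640 and should now be created with mode 644; the message should state the mode the code actually sets. 0o755 is the sensible value for a directory, because without the execute (search) bit other users cannot open the files inside it, so a short comment next to `db.create_db(mode=0o755, backup=True)` explaining that unprivileged clients must traverse the directory to read the CA certificates would keep the mode from being "tightened" again later. With the directory world-traversable, the unchanged context line that sets key3.db to 0o644 leaves the key database readable by every local user while db.pwd_file stays at 0o600; please confirm that this database is only meant to hold trusted CA certificates and no private keys, or give key3.db a stricter mode.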