| author | Martin Basti <mbasti@redhat.com> | 2015-12-09 12:12:22 +0100 |
|---|---|---|
| committer | Tomas Babej <tbabej@redhat.com> | 2015-12-14 14:57:26 +0100 |
| commit | 5e2cd38ab998230aa81cd07196edfba2b62cb58d (patch) | |
| tree | 1c4f81f719bf80432a4da67322979aa179dca9bd /ipaserver/install/dnskeysyncinstance.py | |
| parent | c856401478ce2f4fdd9cd7192afd18704f78e2e6 (diff) | |
DNS: fix file permissions
With a non-default umask, named-pkcs11 cannot access the SoftHSM token storage.
https://fedorahosted.org/freeipa/ticket/5520
Reviewed-By: Tomas Babej <tbabej@redhat.com>
Diffstat (limited to 'ipaserver/install/dnskeysyncinstance.py')
| -rw-r--r-- | ipaserver/install/dnskeysyncinstance.py | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index b2ccc0274..f2a976eec 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -201,7 +201,8 @@ class DNSKeySyncInstance(service.Service):
 # create dnssec directory
 if not os.path.exists(paths.IPA_DNSSEC_DIR):
 self.logger.debug("Creating %s directory", paths.IPA_DNSSEC_DIR)
- os.mkdir(paths.IPA_DNSSEC_DIR, 0o770)
+ os.mkdir(paths.IPA_DNSSEC_DIR)
+ os.chmod(paths.IPA_DNSSEC_DIR, 0o770)
 # chown ods:named
 os.chown(paths.IPA_DNSSEC_DIR, self.ods_uid, self.named_gid)
@@ -218,6 +219,7 @@ class DNSKeySyncInstance(service.Service):
 named_fd.truncate(0)
 named_fd.write(softhsm_conf_txt)
 named_fd.close()
+ os.chmod(paths.DNSSEC_SOFTHSM2_CONF, 0o644)
 # setting up named to use softhsm2
 if not self.fstore.has_file(paths.SYSCONFIG_NAMED): |
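Review bot: In the first hunk, dropping the mode from `os.mkdir(paths.IPA_DNSSEC_DIR)` means the directory is created with 0o777 limited only by the process umask, so under a permissive umask it is briefly more open than 0o770 until the `os.chmod` runs. Keeping the mode at creation and adding the chmod covers both the restrictive and the permissive case: `os.mkdir(paths.IPA_DNSSEC_DIR, 0o770)` followed by `os.chmod(paths.IPA_DNSSEC_DIR, 0o770)`. Indentation is lost on this page, but both calls appear to sit under the `if not os.path.exists(...)` guard, so a directory left with a wrong mode by an earlier run would not be corrected; that is worth confirming. The enclosing method starts and ends outside the hunk.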
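Review bot: In the second hunk, `os.chmod(paths.DNSSEC_SOFTHSM2_CONF, 0o644)` runs after `named_fd.close()` and resolves the path a second time; setting the mode on the open descriptor with `os.fchmod(named_fd.fileno(), 0o644)` before the close would apply it to the file that was just written. A short comment such as `# named-pkcs11 must be able to read this file regardless of the installer's umask` would record why the explicit mode is there. The open() call and the rest of the method are outside the hunk, so how the file is created cannot be checked from here.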
