diff options
author | Martin Kosek <mkosek@redhat.com> | 2011-06-17 14:19:45 +0200 |
---|---|---|
committer | Rob Crittenden <rcritten@redhat.com> | 2011-06-21 23:45:00 -0400 |
commit | b227208d010bf88a11c46149ac5844c4a55ab9ad (patch) | |
tree | 5bbfe6b3f803995394de1b089c5d09bbf9bf2f8b /install/tools/ipa-upgradeconfig | |
parent | ba42b700eb98978fa5403bf5e39f9c9e31338fb4 (diff) | |
download | freeipa-b227208d010bf88a11c46149ac5844c4a55ab9ad.tar.gz freeipa-b227208d010bf88a11c46149ac5844c4a55ab9ad.tar.xz freeipa-b227208d010bf88a11c46149ac5844c4a55ab9ad.zip |
Fix IPA install for secure umask
Make sure that IPA can be installed with root umask set to secure
value 077. ipa-server-install was failing in DS configuration phase
when dirsrv tried to read boot.ldif created during installation.
https://fedorahosted.org/freeipa/ticket/1282
Diffstat (limited to 'install/tools/ipa-upgradeconfig')
-rw-r--r-- | install/tools/ipa-upgradeconfig | 6 |
1 files changed, 5 insertions, 1 deletions
diff --git a/install/tools/ipa-upgradeconfig b/install/tools/ipa-upgradeconfig index 0c8d7fcd8..4ac309288 100644 --- a/install/tools/ipa-upgradeconfig +++ b/install/tools/ipa-upgradeconfig @@ -114,7 +114,11 @@ def check_certs(): if not os.path.exists("/usr/share/ipa/html/ca.crt"): ca_file = "/etc/httpd/alias/cacert.asc" if os.path.exists(ca_file): - shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") + old_umask = os.umask(022) # make sure its readable by httpd + try: + shutil.copyfile(ca_file, "/usr/share/ipa/html/ca.crt") + finally: + os.umask(old_umask) else: print "Missing Certification Authority file." print "You should place a copy of the CA certificate in /usr/share/ipa/html/ca.crt" |