authorvakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-08-17 03:46:30 +0000
committervakwetu <vakwetu@c9f7a03b-bd48-0410-a16d-cbbf54688b0b>2010-08-17 03:46:30 +0000
commit4ad7f77b5cfe617884d5058f68723b5b998698a6 (patch)
tree80eab66fd737141383fdc449921e45b7646ac025
parent03b6fed03047d24d7d31343f3143b7407b796454 (diff)
downloadpki-4ad7f77b5cfe617884d5058f68723b5b998698a6.tar.gz
pki-4ad7f77b5cfe617884d5058f68723b5b998698a6.tar.xz
pki-4ad7f77b5cfe617884d5058f68723b5b998698a6.zip
Bugzilla Bug 620925 - CC: auditor needs to be able to download audit logs in the java subsystems
git-svn-id: svn+ssh://svn.fedorahosted.org/svn/pki/trunk@1201 c9f7a03b-bd48-0410-a16d-cbbf54688b0b
-rwxr-xr-xpki/base/ca/shared/etc/init.d/pki-cad21
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/LogFile.java4
-rw-r--r--pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java4
-rw-r--r--pki/base/common/src/com/netscape/cmscore/util/Debug.java2
-rwxr-xr-xpki/base/kra/shared/etc/init.d/pki-krad21
-rwxr-xr-xpki/base/ocsp/shared/etc/init.d/pki-ocspd21
-rwxr-xr-xpki/base/ra/lib/perl/PKI/RA/wizard.pm2
-rwxr-xr-xpki/base/tks/shared/etc/init.d/pki-tksd21
-rwxr-xr-xpki/base/tps/lib/perl/PKI/TPS/wizard.pm2
-rw-r--r--pki/base/tps/src/main/LogFile.cpp2
-rw-r--r--pki/base/tps/src/main/RollingLogFile.cpp2
11 files changed, 93 insertions, 9 deletions
diff --git a/pki/base/ca/shared/etc/init.d/pki-cad b/pki/base/ca/shared/etc/init.d/pki-cad
index fe738686..f26e8904 100755
--- a/pki/base/ca/shared/etc/init.d/pki-cad
+++ b/pki/base/ca/shared/etc/init.d/pki-cad
@@ -1385,6 +1385,27 @@ start_instance()
PKI_SECURE_PORT="<Port Undefined>"
fi
+ # Set permissions of log files
+ pki_logs_directory=${PKI_INSTANCE_PATH}/logs
+ pki_signedAudit="${pki_logs_directory}/signedAudit"
+ for file in ${pki_logs_directory}/*; do
+ if [ ! -d "${file}" ]; then
+ chmod 00640 ${file}
+ chgrp $TOMCAT_GROUP ${file}
+ chown $TOMCAT_USER ${file}
+ fi
+ done
+
+ # Set permissions of signedAudit log files
+ # do not set the group id, this will be set by the sgid on the directory
+ pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l`
+ if [ ${pki_signedAudit_files} -gt 0 ]; then
+ for file in ${pki_signedAudit}/*; do
+ chmod 00640 ${file}
+ chown $TOMCAT_USER ${file}
+ done
+ fi
+
# ignore "status" return codes
echo
display_instance_status
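Review bot: The new loops in start_instance run chmod, chgrp and chown on every non-directory entry under `${PKI_INSTANCE_PATH}/logs` without excluding symbolic links and without quoting `${file}`. If this script runs as root and the logs directory is writable by $TOMCAT_USER (neither is visible in the hunk), a symlink placed there would have its target re-owned and re-moded, because chown and chmod follow links by default. Restrict the test to regular files with `if [ -f "${file}" ] && [ ! -L "${file}" ]; then`, quote the operands, and add the same test to the signedAudit loop, which currently has none. The identical block is added to pki-krad, pki-ocspd and pki-tksd, and start_instance begins and ends outside the hunk.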
diff --git a/pki/base/common/src/com/netscape/cms/logging/LogFile.java b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
index b5239a8f..cf2ae1b9 100644
--- a/pki/base/common/src/com/netscape/cms/logging/LogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/LogFile.java
@@ -486,7 +486,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
if( !Utils.isNT() ) {
// Always insure that a physical file exists!
Utils.exec( "touch " + mFileName );
- Utils.exec( "chmod 00660 " + mFileName );
+ Utils.exec( "chmod 00640 " + mFileName );
}
mFile = new File(mFileName);
mBufferSize = bufferSize;
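Review bot: The permission change is issued as `Utils.exec( "chmod 00640 " + mFileName )`, a command line built by string concatenation whose result is never checked. Utils.exec is not shown here; if it splits on whitespace or hands the string to a shell, a log path containing spaces or shell metacharacters would be mis-parsed, and a failed chmod would leave the file at whatever mode `touch` produced under the process umask. Because the file is created first and narrowed afterwards, there is also a short window in which it exists at the wider mode. Consider passing the arguments as an array and checking the exit status, or creating the file with its final mode. The same pattern appears in the second LogFile.java hunk and in RollingLogFile.java and Debug.java.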
@@ -729,7 +729,7 @@ public class LogFile implements ILogEventListener, IExtendedPluginInfo {
mBytesWritten = (int) out.length();
if( !Utils.isNT() ) {
try {
- Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
+ Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
} catch( IOException e ) {
CMS.debug( "Unable to change file permissions on "
+ mFile.toString() );
diff --git a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
index 96422518..97dbadf3 100644
--- a/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
+++ b/pki/base/common/src/com/netscape/cms/logging/RollingLogFile.java
@@ -234,7 +234,7 @@ public class RollingLogFile extends LogFile {
// Make certain that the backup file has
// the correct permissions.
if( !Utils.isNT() ) {
- Utils.exec( "chmod 00660 " + backupFile.getCanonicalPath() );
+ Utils.exec( "chmod 00640 " + backupFile.getCanonicalPath() );
}
try {
@@ -246,7 +246,7 @@ public class RollingLogFile extends LogFile {
// Make certain that the original file retains
// the correct permissions.
if( !Utils.isNT() ) {
- Utils.exec( "chmod 00660 " + mFile.getCanonicalPath() );
+ Utils.exec( "chmod 00640 " + mFile.getCanonicalPath() );
}
} catch ( FileNotFoundException e ) {
CMS.debug( "Unable to zeroize "
diff --git a/pki/base/common/src/com/netscape/cmscore/util/Debug.java b/pki/base/common/src/com/netscape/cmscore/util/Debug.java
index 5edc4462..b9b794e9 100644
--- a/pki/base/common/src/com/netscape/cmscore/util/Debug.java
+++ b/pki/base/common/src/com/netscape/cmscore/util/Debug.java
@@ -317,7 +317,7 @@ public class Debug
if( !Utils.isNT() ) {
// Always insure that a physical file exists!
Utils.exec( "touch " + filename );
- Utils.exec( "chmod 00660 " + filename );
+ Utils.exec( "chmod 00640 " + filename );
}
OutputStream os = new FileOutputStream(filename, append);
mOut = new PrintStream(os, true); /* true == autoflush */
diff --git a/pki/base/kra/shared/etc/init.d/pki-krad b/pki/base/kra/shared/etc/init.d/pki-krad
index 8658b5af..5a3b9be9 100755
--- a/pki/base/kra/shared/etc/init.d/pki-krad
+++ b/pki/base/kra/shared/etc/init.d/pki-krad
@@ -1383,6 +1383,27 @@ start_instance()
PKI_SECURE_PORT="<Port Undefined>"
fi
+ # Set permissions of log files
+ pki_logs_directory=${PKI_INSTANCE_PATH}/logs
+ pki_signedAudit="${pki_logs_directory}/signedAudit"
+ for file in ${pki_logs_directory}/*; do
+ if [ ! -d "${file}" ]; then
+ chmod 00640 ${file}
+ chgrp $TOMCAT_GROUP ${file}
+ chown $TOMCAT_USER ${file}
+ fi
+ done
+
+ # Set permissions of signedAudit log files
+ # do not set the group id, this will be set by the sgid on the directory
+ pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l`
+ if [ ${pki_signedAudit_files} -gt 0 ]; then
+ for file in ${pki_signedAudit}/*; do
+ chmod 00640 ${file}
+ chown $TOMCAT_USER ${file}
+ done
+ fi
+
# ignore "status" return codes
echo
display_instance_status
diff --git a/pki/base/ocsp/shared/etc/init.d/pki-ocspd b/pki/base/ocsp/shared/etc/init.d/pki-ocspd
index 0c3e1c25..70520dc3 100755
--- a/pki/base/ocsp/shared/etc/init.d/pki-ocspd
+++ b/pki/base/ocsp/shared/etc/init.d/pki-ocspd
@@ -1383,6 +1383,27 @@ start_instance()
PKI_SECURE_PORT="<Port Undefined>"
fi
+ # Set permissions of log files
+ pki_logs_directory=${PKI_INSTANCE_PATH}/logs
+ pki_signedAudit="${pki_logs_directory}/signedAudit"
+ for file in ${pki_logs_directory}/*; do
+ if [ ! -d "${file}" ]; then
+ chmod 00640 ${file}
+ chgrp $TOMCAT_GROUP ${file}
+ chown $TOMCAT_USER ${file}
+ fi
+ done
+
+ # Set permissions of signedAudit log files
+ # do not set the group id, this will be set by the sgid on the directory
+ pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l`
+ if [ ${pki_signedAudit_files} -gt 0 ]; then
+ for file in ${pki_signedAudit}/*; do
+ chmod 00640 ${file}
+ chown $TOMCAT_USER ${file}
+ done
+ fi
+
# ignore "status" return codes
echo
display_instance_status
diff --git a/pki/base/ra/lib/perl/PKI/RA/wizard.pm b/pki/base/ra/lib/perl/PKI/RA/wizard.pm
index ecfe6dd3..f7b43e80 100755
--- a/pki/base/ra/lib/perl/PKI/RA/wizard.pm
+++ b/pki/base/ra/lib/perl/PKI/RA/wizard.pm
@@ -107,7 +107,7 @@ if( $^O ne "linux" ) {
# create cfg debug log
my $logfile = $config->get("service.instanceDir") . "/logs/debug";
system( "touch $logfile" );
-system( "chmod 00660 $logfile" );
+system( "chmod 00640 $logfile" );
open( DEBUG, ">>" . $logfile ) ||
warn( "Could not open '" . $logfile . "': $!" );
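Review bot: `system( "chmod 00640 $logfile" )` interpolates a configuration-derived path into a single command string, which Perl hands to the shell when it contains metacharacters, and the return value is ignored. Perl's builtin avoids the shell and reports failure: `chmod( 0640, $logfile ) or warn( "Could not chmod '$logfile': $!" );`. The preceding `touch` call has the same shape, and the same line is changed in PKI/TPS/wizard.pm.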
diff --git a/pki/base/tks/shared/etc/init.d/pki-tksd b/pki/base/tks/shared/etc/init.d/pki-tksd
index b12d47e1..7d6bb99a 100755
--- a/pki/base/tks/shared/etc/init.d/pki-tksd
+++ b/pki/base/tks/shared/etc/init.d/pki-tksd
@@ -1383,6 +1383,27 @@ start_instance()
PKI_SECURE_PORT="<Port Undefined>"
fi
+ # Set permissions of log files
+ pki_logs_directory=${PKI_INSTANCE_PATH}/logs
+ pki_signedAudit="${pki_logs_directory}/signedAudit"
+ for file in ${pki_logs_directory}/*; do
+ if [ ! -d "${file}" ]; then
+ chmod 00640 ${file}
+ chgrp $TOMCAT_GROUP ${file}
+ chown $TOMCAT_USER ${file}
+ fi
+ done
+
+ # Set permissions of signedAudit log files
+ # do not set the group id, this will be set by the sgid on the directory
+ pki_signedAudit_files=`ls -1A ${pki_signedAudit} | wc -l`
+ if [ ${pki_signedAudit_files} -gt 0 ]; then
+ for file in ${pki_signedAudit}/*; do
+ chmod 00640 ${file}
+ chown $TOMCAT_USER ${file}
+ done
+ fi
+
# ignore "status" return codes
echo
display_instance_status
diff --git a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
index 328820e6..5b2035f7 100755
--- a/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
+++ b/pki/base/tps/lib/perl/PKI/TPS/wizard.pm
@@ -108,7 +108,7 @@ if( $^O ne "linux" ) {
# create cfg debug log
my $logfile = $config->get("service.instanceDir") . "/logs/debug";
system( "touch $logfile" );
-system( "chmod 00660 $logfile" );
+system( "chmod 00640 $logfile" );
open( DEBUG, ">>" . $logfile ) ||
warn( "Could not open '" . $logfile . "': $!" );
diff --git a/pki/base/tps/src/main/LogFile.cpp b/pki/base/tps/src/main/LogFile.cpp
index 6bd3f056..aa883eea 100644
--- a/pki/base/tps/src/main/LogFile.cpp
+++ b/pki/base/tps/src/main/LogFile.cpp
@@ -125,7 +125,7 @@ int LogFile::open()
PRFileInfo info;
PR_EnterMonitor(m_monitor);
if (m_fd == NULL) {
- m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 440|220);
+ m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 440|200);
if (m_fd == NULL) {
m_ctx->LogError( "LogFile::open",
__LINE__,
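Review bot: The mode argument `440|200` in the PR_Open call is written with decimal literals, so it does not request the 0640 that the rest of this commit sets. Decimal 440 is octal 0670 and decimal 200 is octal 0310, so the OR is octal 0770; the previous `440|220` was 0774. The change therefore only drops the "other" read bit and still asks for group write plus execute bits, subject to the process umask. Use an octal literal, `m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_APPEND, 0640);`, and make the same correction in RollingLogFile::rotate() in RollingLogFile.cpp. The LogError call that follows continues outside the hunk.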
diff --git a/pki/base/tps/src/main/RollingLogFile.cpp b/pki/base/tps/src/main/RollingLogFile.cpp
index 378b6729..dd8f2dba 100644
--- a/pki/base/tps/src/main/RollingLogFile.cpp
+++ b/pki/base/tps/src/main/RollingLogFile.cpp
@@ -212,7 +212,7 @@ void RollingLogFile::rotate() {
}
/* open the new file */
- m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 440|220);
+ m_fd = PR_Open(m_fname, PR_RDWR | PR_CREATE_FILE | PR_TRUNCATE, 440|200);
set_bytes_written(0);
if (m_fd == NULL) {
m_ctx->LogError( "RollingLogFile::rotate",