IntenseWebs/freeipa
3
0
Fork 0
mirror of https://salsa.debian.org/freeipa-team/freeipa.git synced 2025-02-25 18:55:28 -06:00
Code Issues Packages Projects Releases Wiki Activity

Fix ownership of the Apache NSS cert and key databases.

Browse Source 
The group "apache" needs to have read access to them so they will work in
Fedora 9+.
This commit is contained in:
Rob Crittenden 2008-04-28 15:28:13 -04:00
parent 306d8241b3
commit 274eb708c2
1 changed files with 10 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

10
ipa-server/ipaserver/httpinstance.py
View File

@ -160,6 +160,16 @@ class HTTPInstance(service.Service):
ca.create_server_cert("Server-Cert", "cn=%s,ou=Apache Web Server" % self.fqdn, ds_ca)
ca.create_signing_cert("Signing-Cert", "cn=%s,ou=Signing Certificate,o=Identity Policy Audit" % self.fqdn, ds_ca)
# Fix the database permissions
os.chmod(NSS_DIR + "/cert8.db", 0640)
os.chmod(NSS_DIR + "/key3.db", 0640)
os.chmod(NSS_DIR + "/secmod.db", 0640)
pent = pwd.getpwnam("apache")
os.chown(NSS_DIR + "/cert8.db", 0, pent.pw_gid )
os.chown(NSS_DIR + "/key3.db", 0, pent.pw_gid )
os.chown(NSS_DIR + "/secmod.db", 0, pent.pw_gid )
def __setup_autoconfig(self):
prefs_txt = ipautil.template_file(ipautil.SHARE_DIR + "preferences.html.template", self.sub_dict)
prefs_fd = open("/usr/share/ipa/html/preferences.html", "w")