Explicitly call chmod on newly created directories

Without calling os.chmod(), umask is effective and may cause that
directory is created with permission that causes failure.

This can be related to https://fedorahosted.org/freeipa/ticket/5520

Reviewed-By: Tomas Babej <tbabej@redhat.com>

ipaplatform/base/services.py

@@ -420,6 +420,7 @@ class SystemdService(PlatformService):
             try:
                 if not ipautil.dir_exists(srv_tgt):
                     os.mkdir(srv_tgt)
+                    os.mkdir(srv_tgt, 0o755)
                 if os.path.exists(srv_lnk):
                     # Remove old link
                     os.unlink(srv_lnk)

ipaserver/install/cainstance.py

@@ -800,6 +800,7 @@ class CAInstance(DogtagInstance):
 
         if not ipautil.dir_exists(self.ra_agent_db):
             os.mkdir(self.ra_agent_db)
+            os.chmod(self.ra_agent_db, 0o755)
 
         # Create the password file for this db
         hex_str = binascii.hexlify(os.urandom(10))

ipaserver/install/ipa_backup.py

@@ -271,8 +271,8 @@ class Backup(admintool.AdminTool):
         os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
         os.chmod(self.top_dir, 0o750)
         self.dir = os.path.join(self.top_dir, "ipa")
-        os.mkdir(self.dir, 0o750)
+        os.mkdir(self.dir)
-
+        os.chmod(self.dir, 0o750)
         os.chown(self.dir, pent.pw_uid, pent.pw_gid)
 
         self.header = os.path.join(self.top_dir, 'header')
@@ -588,7 +588,8 @@ class Backup(admintool.AdminTool):
             backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
             filename = os.path.join(backup_dir, "ipa-full.tar")
 
-        os.mkdir(backup_dir, 0o700)
+        os.mkdir(backup_dir)
+        os.chmod(backup_dir, 0o700)
 
         cwd = os.getcwd()
         os.chdir(self.dir)

ipaserver/install/ipa_replica_prepare.py

@@ -361,7 +361,8 @@ class ReplicaPrepare(admintool.AdminTool):
 
         self.top_dir = tempfile.mkdtemp("ipa")
         self.dir = os.path.join(self.top_dir, "realm_info")
-        os.mkdir(self.dir, 0o700)
+        os.mkdir(self.dir)
+        os.chmod(self.dir, 0o700)
         try:
             self.copy_ds_certificate()
 

ipaserver/install/ipa_restore.py

@@ -303,8 +303,8 @@ class Restore(admintool.AdminTool):
         os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
         os.chmod(self.top_dir, 0o750)
         self.dir = os.path.join(self.top_dir, "ipa")
-        os.mkdir(self.dir, 0o750)
+        os.mkdir(self.dir)
-
+        os.chmod(self.dir, 0o750)
         os.chown(self.dir, pent.pw_uid, pent.pw_gid)
 
         cwd = os.getcwd()
@@ -534,7 +534,8 @@ class Restore(admintool.AdminTool):
 
         if not os.path.exists(ldifdir):
             pent = pwd.getpwnam(DS_USER)
-            os.mkdir(ldifdir, 0o770)
+            os.mkdir(ldifdir)
+            os.chmod(ldifdir, 0o770)
             os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
 
         ipautil.backup_file(ldiffile)
@@ -791,7 +792,8 @@ class Restore(admintool.AdminTool):
         for dir in dirs:
             try:
                 self.log.debug('Creating %s' % dir)
-                os.mkdir(dir, 0o770)
+                os.mkdir(dir)
+                os.chmod(dir, 0o770)
                 os.chown(dir, pent.pw_uid, pent.pw_gid)
                 tasks.restore_context(dir)
             except Exception as e: