Make /etc/httpd/alias world readable & executable

The directory /etc/httpd/alias contains public key material. It must be world readable and executable, so any client can read public certs. Note: executable for a directory means, that a process is allowed to traverse into the directory. Fixes: https://pagure.io/freeipa/issue/7594 Signed-off-by: Christian Heimes <cheimes@redhat.com> Reviewed-By: Tibor Dudlak <tdudlak@redhat.com> Reviewed-By: Rob Crittenden <rcritten@redhat.com>
2025-02-25 18:55:28 -06:00 · 2018-06-22 12:25:33 +02:00 · 2018-06-22 12:25:33 +02:00 · 89b2137dc2
commit 89b2137dc2
parent 1434f2a203
1 changed files with 2 additions and 1 deletions
--- a/ipaserver/install/httpinstance.py
+++ b/ipaserver/install/httpinstance.py
@ -181,7 +181,8 @@ class HTTPInstance(service.Service):
        session_dir = os.path.dirname(self.sub_dict['GSSAPI_SESSION_KEY'])
        if not os.path.isdir(session_dir):
            os.makedirs(session_dir)
-            os.chmod(session_dir, 0o755)
+        # Must be world-readable / executable
+        os.chmod(session_dir, 0o755)

        target_fname = paths.HTTPD_IPA_CONF
        http_txt = ipautil.template_file(