From 8da0e2e9774ead01d5c0fa53b1498f15b1818b79 Mon Sep 17 00:00:00 2001
From: Rob Crittenden <rcritten@redhat.com>
Date: Fri, 20 Sep 2019 15:36:36 -0400
Subject: [PATCH] ipa-restore: Restore ownership and perms on 389-ds log
 directory

Previously it would end up being owned by root:root mode 0755
instead of dirsrv:dirsrv mode 0770.

https://pagure.io/freeipa/issue/7725

Signed-off-by: Rob Crittenden <rcritten@redhat.com>
Reviewed-By: Florence Blanc-Renaud <frenaud@redhat.com>
---
 ipaserver/install/ipa_restore.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 7e67dc980..776c5582f 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -631,6 +631,10 @@ class Restore(admintool.AdminTool):
                 os.makedirs(template_dir)
             except OSError as e:
                 pass
+
+            os.chown(template_dir, pent.pw_uid, pent.pw_gid)
+            os.chmod(template_dir, 0o770)
+
             # Restore SELinux context of template_dir
             tasks.restore_context(template_dir)