From a22b4a35f21faca64a372f18f8ae04dbbc67d74b Mon Sep 17 00:00:00 2001
From: Christian Heimes <cheimes@redhat.com>
Date: Wed, 24 Apr 2019 18:39:15 +0200
Subject: [PATCH] chmod SYSTEMD_PKI_TOMCAT_IPA_CONF

Change the permission of the new config file
/etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf to 644.
This fixes the systemd warning

Configuration file /etc/systemd/system/pki-tomcatd@pki-tomcat.service.d/ipa.conf is marked world-inaccessible. This has no effect as configuration data is accessible via APIs without restrictions. Proceeding anyway.

Signed-off-by: Christian Heimes <cheimes@redhat.com>
Reviewed-By: Alexander Bokovoy <abokovoy@redhat.com>
---
 ipaserver/install/cainstance.py | 1 +
 1 file changed, 1 insertion(+)

diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index ade5353f0..f7fc44233 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -613,6 +613,7 @@ class CAInstance(DogtagInstance):
         if not os.path.isdir(directory):
             os.mkdir(directory)
         with open(conf, 'w') as f:
+            os.fchmod(f.fileno(), 0o644)
             f.write('[Service]\n')
             f.write('ExecStartPost={}\n'.format(paths.IPA_PKI_WAIT_RUNNING))
         tasks.systemd_daemon_reload()