Added file permissions option to IPAChangeConf.newConf()

Also added information about why os.chmod is called sometimes after newConf() calls. https://fedorahosted.org/freeipa/ticket/6392 Reviewed-By: Martin Basti <mbasti@redhat.com>
2025-02-25 18:55:28 -06:00 · 2016-11-03 12:29:45 +01:00
parent 990e1acb1a
commit b068d3336a
3 changed files with 8 additions and 3 deletions
--- a/ipaserver/install/server/replicainstall.py
+++ b/ipaserver/install/server/replicainstall.py
@@ -264,7 +264,9 @@ def create_ipa_conf(fstore, config, ca_enabled):
        {'name': 'empty', 'type': 'empty'}
    ]
    ipaconf.newConf(target_fname, opts)
-    os.chmod(target_fname, 0o644)   # must be readable for httpd
+    # the new file must be readable for httpd
+    # Also, umask applies when creating a new file but we want 0o644 here
+    os.chmod(target_fname, 0o644)


 def check_dirsrv():