Fix permissions in installers

Fix permissions for (configuration) files produced by ipa-server-install or ipa-client-install. This patch is needed when root has a umask preventing files from being world readable. https://fedorahosted.org/freeipa/ticket/1644
2025-02-25 18:55:28 -06:00 · 2011-08-30 16:32:40 +02:00
parent 95beb84464
commit d0ce604b4d
5 changed files with 47 additions and 33 deletions
--- a/ipaserver/install/dsinstance.py
+++ b/ipaserver/install/dsinstance.py
@@ -356,13 +356,14 @@ class DsInstance(service.Service):
        self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower()
        base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict)
        logging.debug(base_txt)
-        old_umask = os.umask(022)   # must be readable for dirsrv
-        try:
-            base_fd = open("/var/lib/dirsrv/boot.ldif", "w")
-            base_fd.write(base_txt)
-            base_fd.close()
-        finally:
-            os.umask(old_umask)
+
+        target_fname = '/var/lib/dirsrv/boot.ldif'
+        base_fd = open(target_fname, "w")
+        base_fd.write(base_txt)
+        base_fd.close()
+
+        # Must be readable for dirsrv
+        os.chmod(target_fname, 0440)

        inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict)
        logging.debug("writing inf template")