URL: https://github.com/freeipa/freeipa/pull/1325 Author: tiran Title: #1325: [Backport][ipa-4-6] Backport pr1262 ipa 4 6 Action: opened
PR body: """ This PR was opened manually because PR #1262 was pushed to master and backport to ipa-4-6 is required. """ To pull the PR as Git branch: git remote add ghfreeipa https://github.com/freeipa/freeipa git fetch ghfreeipa pull/1325/head:pr1325 git checkout pr1325
From 2bdee4b415379bbd8f0cfc5315ac7f46e0d8e975 Mon Sep 17 00:00:00 2001 From: Aleksei Slaikovskii <aslai...@redhat.com> Date: Thu, 9 Nov 2017 09:28:42 +0100 Subject: [PATCH] ipa-restore: Set umask to 0022 while restoring When some users are setting the umask to 0027 due to security policies ipa-restore will result not working dirsrv. So a fix is to temporary set umask to 0022 while ipa-restore is running. https://pagure.io/freeipa/issue/6844 Reviewed-By: Christian Heimes <chei...@redhat.com> --- ipaserver/install/ipa_restore.py | 5 +++++ 1 file changed, 5 insertions(+) diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py index 8a2b688e17..1dd7b0f8ac 100644 --- a/ipaserver/install/ipa_restore.py +++ b/ipaserver/install/ipa_restore.py @@ -316,6 +316,9 @@ def run(self): os.chown(self.dir, pent.pw_uid, pent.pw_gid) cwd = os.getcwd() + + logger.info("Temporary setting umask to 022") + old_umask = os.umask(0o022) try: dirsrv = services.knownservices.dirsrv @@ -428,6 +431,8 @@ def run(self): except Exception as e: logger.error('Cannot change directory to %s: %s', cwd, e) shutil.rmtree(self.top_dir) + logger.info("Restoring umask to %s", old_umask) + os.umask(old_umask) def get_connection(self):
_______________________________________________ FreeIPA-devel mailing list -- freeipa-devel@lists.fedorahosted.org To unsubscribe send an email to freeipa-devel-le...@lists.fedorahosted.org
