Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation.
https://fedorahosted.org/freeipa/ticket/1282
>From 34f509c968195aaad0088d302374066ba56ce391 Mon Sep 17 00:00:00 2001 From: Martin Kosek <mko...@redhat.com> Date: Fri, 17 Jun 2011 14:19:45 +0200 Subject: [PATCH] Fix IPA install for secure umask Make sure that IPA can be installed with root umask set to secure value 077. ipa-server-install was failing in DS configuration phase when dirsrv tried to read boot.ldif created during installation. https://fedorahosted.org/freeipa/ticket/1282 --- ipaserver/install/dsinstance.py | 11 +++++++---- 1 files changed, 7 insertions(+), 4 deletions(-) diff --git a/ipaserver/install/dsinstance.py b/ipaserver/install/dsinstance.py index 845e1e253503ff660ef3976078bc1e0f5439b52a..11078f628fcf52c235c8b71080532e8d20324557 100644 --- a/ipaserver/install/dsinstance.py +++ b/ipaserver/install/dsinstance.py @@ -358,10 +358,13 @@ class DsInstance(service.Service): self.sub_dict['BASEDC'] = self.realm_name.split('.')[0].lower() base_txt = ipautil.template_str(BASE_TEMPLATE, self.sub_dict) logging.debug(base_txt) - base_fd = file("/var/lib/dirsrv/boot.ldif", "w") - base_fd.write(base_txt) - base_fd.flush() - base_fd.close() + old_umask = os.umask(022) # must be readable for dirsrv + try: + base_fd = open("/var/lib/dirsrv/boot.ldif", "w") + base_fd.write(base_txt) + base_fd.close() + finally: + os.umask(old_umask) inf_txt = ipautil.template_str(INF_TEMPLATE, self.sub_dict) logging.debug("writing inf template") -- 1.7.5.4
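Review bot: In the `@@ -358,10 +358,13 @@` hunk of ipaserver/install/dsinstance.py, `old_umask = os.umask(022)` fixes the read failure only indirectly and more broadly than the comment "must be readable for dirsrv" asks for. On a fresh create the file ends up mode 0644, readable by every local account rather than just the one dirsrv runs as. If /var/lib/dirsrv/boot.ldif already exists (for example, left over from an earlier failed run under umask 077), `open(..., "w")` truncates it and keeps its old mode, so the umask change has no effect and dirsrv still cannot read it. Setting the mode and ownership explicitly after the write (os.chmod / os.chown, or os.fchmod on the descriptor) would cover both cases and avoid touching the process-wide umask. Separately, `base_fd.close()` is in the `try` body, so an exception from `base_fd.write(base_txt)` restores the umask but leaves the file object open; closing it in its own `finally` would fix that.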
_______________________________________________ Freeipa-devel mailing list Freeipa-devel@redhat.com https://www.redhat.com/mailman/listinfo/freeipa-devel