|
|
e0ab38 |
From 7d7bb4789504a3f84e8ccf52abc06e8de109289a Mon Sep 17 00:00:00 2001
|
|
|
e0ab38 |
From: Martin Basti <mbasti@redhat.com>
|
|
|
e0ab38 |
Date: Wed, 9 Dec 2015 13:40:04 +0100
|
|
|
e0ab38 |
Subject: [PATCH] Explicitly call chmod on newly created directories
|
|
|
e0ab38 |
|
|
|
e0ab38 |
Without calling os.chmod(), umask is effective and may cause that
|
|
|
e0ab38 |
directory is created with permission that causes failure.
|
|
|
e0ab38 |
|
|
|
e0ab38 |
This can be related to https://fedorahosted.org/freeipa/ticket/5520
|
|
|
e0ab38 |
|
|
|
e0ab38 |
Reviewed-By: Tomas Babej <tbabej@redhat.com>
|
|
|
e0ab38 |
---
|
|
|
e0ab38 |
ipaplatform/base/services.py | 2 +-
|
|
|
e0ab38 |
ipaserver/install/cainstance.py | 1 +
|
|
|
e0ab38 |
ipaserver/install/ipa_backup.py | 7 ++++---
|
|
|
e0ab38 |
ipaserver/install/ipa_replica_prepare.py | 3 ++-
|
|
|
e0ab38 |
ipaserver/install/ipa_restore.py | 10 ++++++----
|
|
|
e0ab38 |
5 files changed, 14 insertions(+), 9 deletions(-)
|
|
|
e0ab38 |
|
|
|
e0ab38 |
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
|
|
|
e0ab38 |
index 56e959e919e42281431240451071a2d4b8048e4a..b068a2f3b00549fffa20feffb6a3158382fc7e9a 100644
|
|
|
e0ab38 |
--- a/ipaplatform/base/services.py
|
|
|
e0ab38 |
+++ b/ipaplatform/base/services.py
|
|
|
e0ab38 |
@@ -421,7 +421,7 @@ class SystemdService(PlatformService):
|
|
|
e0ab38 |
|
|
|
e0ab38 |
try:
|
|
|
e0ab38 |
if not ipautil.dir_exists(srv_tgt):
|
|
|
e0ab38 |
- os.mkdir(srv_tgt)
|
|
|
e0ab38 |
+ os.mkdir(srv_tgt, 0755)
|
|
|
e0ab38 |
if os.path.exists(srv_lnk):
|
|
|
e0ab38 |
# Remove old link
|
|
|
e0ab38 |
os.unlink(srv_lnk)
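Review bot: The mode passed on the added line `os.mkdir(srv_tgt, 0755)` is still filtered through the process umask, which is the problem the commit message describes, so under a restrictive umask such as 077 the directory would still come out as 0700. The other hunks in this patch follow mkdir with an explicit chmod; doing the same here, `os.mkdir(srv_tgt)` then `os.chmod(srv_tgt, 0755)`, would make this one consistent with them. The enclosing `try:` block starts inside the hunk but continues past its last line.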
|
|
|
e0ab38 |
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
|
|
|
e0ab38 |
index c20bf39c12cff0777d90efad2b0d8d136ee37ec9..d9bf4f31af5a922dd6f977a5011f50ce7cea8896 100644
|
|
|
e0ab38 |
--- a/ipaserver/install/cainstance.py
|
|
|
e0ab38 |
+++ b/ipaserver/install/cainstance.py
|
|
|
e0ab38 |
@@ -978,6 +978,7 @@ class CAInstance(DogtagInstance):
|
|
|
e0ab38 |
|
|
|
e0ab38 |
if not ipautil.dir_exists(self.ra_agent_db):
|
|
|
e0ab38 |
os.mkdir(self.ra_agent_db)
|
|
|
e0ab38 |
+ os.chmod(self.ra_agent_db, 0755)
|
|
|
e0ab38 |
|
|
|
e0ab38 |
# Create the password file for this db
|
|
|
e0ab38 |
hex_str = binascii.hexlify(os.urandom(10))
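Review bot: The added `os.chmod(self.ra_agent_db, 0755)` makes the RA agent database directory listable and traversable by every local user, and the context lines right after it go on to create a password file for that database. Whether that is safe depends on the per-file modes set further down, which are outside this hunk. If no unprivileged account needs to enter the directory, a tighter mode plus a dedicated group would be the safer default. At minimum, a comment such as `# 0755: <who needs access>; key and password files are restricted individually` would record the intent. Indentation is lost in this view, so it is worth confirming that the chmod is meant to run only when the directory is newly created, since a pre-existing directory would then keep whatever mode it already has.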
|
|
|
e0ab38 |
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
|
|
|
e0ab38 |
index 3bd2ef0203c1b5b596e092987acd894491ecae26..a5a4bef0a17f641fcea565d9a79c3e6887a064a7 100644
|
|
|
e0ab38 |
--- a/ipaserver/install/ipa_backup.py
|
|
|
e0ab38 |
+++ b/ipaserver/install/ipa_backup.py
|
|
|
e0ab38 |
@@ -279,8 +279,8 @@ class Backup(admintool.AdminTool):
|
|
|
e0ab38 |
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
|
|
|
e0ab38 |
os.chmod(self.top_dir, 0750)
|
|
|
e0ab38 |
self.dir = os.path.join(self.top_dir, "ipa")
|
|
|
e0ab38 |
- os.mkdir(self.dir, 0750)
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
+ os.mkdir(self.dir)
|
|
|
e0ab38 |
+ os.chmod(self.dir, 0750)
|
|
|
e0ab38 |
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
|
|
|
e0ab38 |
|
|
|
e0ab38 |
self.header = os.path.join(self.top_dir, 'header')
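Review bot: Dropping the mode from `os.mkdir(self.dir)` means the directory exists with 0777 masked by the umask until the chmod on the next line runs, so with a permissive umask it is briefly more open than the intended 0750. Keeping the restrictive mode at creation and still normalising afterwards, `os.mkdir(self.dir, 0750)` followed by `os.chmod(self.dir, 0750)`, fixes the too-tight-umask failure without ever widening access. The same pattern appears for `backup_dir` in the second hunk of this file, for `self.dir` in ipa_replica_prepare.py, and for `self.dir`, `ldifdir` and the `dirs` loop in ipa_restore.py. It matters most for `backup_dir` and `ldifdir`, whose parent directories are not set up in the visible lines, whereas here the parent `self.top_dir` was already set to 0750 just above.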
|
|
|
e0ab38 |
@@ -605,7 +605,8 @@ class Backup(admintool.AdminTool):
|
|
|
e0ab38 |
backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
|
|
|
e0ab38 |
filename = os.path.join(backup_dir, "ipa-full.tar")
|
|
|
e0ab38 |
|
|
|
e0ab38 |
- os.mkdir(backup_dir, 0700)
|
|
|
e0ab38 |
+ os.mkdir(backup_dir)
|
|
|
e0ab38 |
+ os.chmod(backup_dir, 0700)
|
|
|
e0ab38 |
|
|
|
e0ab38 |
cwd = os.getcwd()
|
|
|
e0ab38 |
os.chdir(self.dir)
|
|
|
e0ab38 |
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
|
|
|
e0ab38 |
index 5246f5f5469c85571d04c99d872f38018802abaa..b9ae60e9bc9d40be5f86e312980846b2ad80f67d 100644
|
|
|
e0ab38 |
--- a/ipaserver/install/ipa_replica_prepare.py
|
|
|
e0ab38 |
+++ b/ipaserver/install/ipa_replica_prepare.py
|
|
|
e0ab38 |
@@ -345,7 +345,8 @@ class ReplicaPrepare(admintool.AdminTool):
|
|
|
e0ab38 |
|
|
|
e0ab38 |
self.top_dir = tempfile.mkdtemp("ipa")
|
|
|
e0ab38 |
self.dir = os.path.join(self.top_dir, "realm_info")
|
|
|
e0ab38 |
- os.mkdir(self.dir, 0700)
|
|
|
e0ab38 |
+ os.mkdir(self.dir)
|
|
|
e0ab38 |
+ os.chmod(self.dir, 0700)
|
|
|
e0ab38 |
try:
|
|
|
e0ab38 |
self.copy_ds_certificate()
|
|
|
e0ab38 |
|
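Review bot: The added `os.chmod(self.dir, 0700)` uses the legacy octal literal, which is a syntax error on Python 3; `0o700` is accepted by Python 2.6 and later as well, so the modes on the lines this patch adds, here and in the other four files, could be written that way at no cost. The surrounding code is still Python 2 only elsewhere (for example `except Exception, e:` in ipa_restore.py), so this is a style point rather than a defect today.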
|
|
e0ab38 |
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
|
|
|
e0ab38 |
index 57d5deb1e68af6e9ceb51f4dd751b8a59d9ac513..cdc460301ad8aeb658fec18da565238a376d1c0c 100644
|
|
|
e0ab38 |
--- a/ipaserver/install/ipa_restore.py
|
|
|
e0ab38 |
+++ b/ipaserver/install/ipa_restore.py
|
|
|
e0ab38 |
@@ -300,8 +300,8 @@ class Restore(admintool.AdminTool):
|
|
|
e0ab38 |
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
|
|
|
e0ab38 |
os.chmod(self.top_dir, 0750)
|
|
|
e0ab38 |
self.dir = os.path.join(self.top_dir, "ipa")
|
|
|
e0ab38 |
- os.mkdir(self.dir, 0750)
|
|
|
e0ab38 |
-
|
|
|
e0ab38 |
+ os.mkdir(self.dir)
|
|
|
e0ab38 |
+ os.chmod(self.dir, 0750)
|
|
|
e0ab38 |
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
|
|
|
e0ab38 |
|
|
|
e0ab38 |
cwd = os.getcwd()
|
|
|
e0ab38 |
@@ -527,7 +527,8 @@ class Restore(admintool.AdminTool):
|
|
|
e0ab38 |
|
|
|
e0ab38 |
if not os.path.exists(ldifdir):
|
|
|
e0ab38 |
pent = pwd.getpwnam(DS_USER)
|
|
|
e0ab38 |
- os.mkdir(ldifdir, 0770)
|
|
|
e0ab38 |
+ os.mkdir(ldifdir)
|
|
|
e0ab38 |
+ os.chmod(ldifdir, 0770)
|
|
|
e0ab38 |
os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
|
|
|
e0ab38 |
|
|
|
e0ab38 |
ipautil.backup_file(ldiffile)
|
|
|
e0ab38 |
@@ -804,7 +805,8 @@ class Restore(admintool.AdminTool):
|
|
|
e0ab38 |
for dir in dirs:
|
|
|
e0ab38 |
try:
|
|
|
e0ab38 |
self.log.debug('Creating %s' % dir)
|
|
|
e0ab38 |
- os.mkdir(dir, 0770)
|
|
|
e0ab38 |
+ os.mkdir(dir)
|
|
|
e0ab38 |
+ os.chmod(dir, 0770)
|
|
|
e0ab38 |
os.chown(dir, pent.pw_uid, pent.pw_gid)
|
|
|
e0ab38 |
tasks.restore_context(dir)
|
|
|
e0ab38 |
except Exception, e:
|
|
|
e0ab38 |
--
|
|
|
e0ab38 |
2.4.3
|
|
|
e0ab38 |
|