From 7d7bb4789504a3f84e8ccf52abc06e8de109289a Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 9 Dec 2015 13:40:04 +0100
Subject: [PATCH] Explicitly call chmod on newly created directories
Without calling os.chmod(), umask is effective and may cause that
directory is created with permission that causes failure.
This can be related to https://fedorahosted.org/freeipa/ticket/5520
Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
ipaplatform/base/services.py | 2 +-
ipaserver/install/cainstance.py | 1 +
ipaserver/install/ipa_backup.py | 7 ++++---
ipaserver/install/ipa_replica_prepare.py | 3 ++-
ipaserver/install/ipa_restore.py | 10 ++++++----
5 files changed, 14 insertions(+), 9 deletions(-)
diff --git a/ipaplatform/base/services.py b/ipaplatform/base/services.py
index 56e959e919e42281431240451071a2d4b8048e4a..b068a2f3b00549fffa20feffb6a3158382fc7e9a 100644
--- a/ipaplatform/base/services.py
+++ b/ipaplatform/base/services.py
@@ -421,7 +421,7 @@ class SystemdService(PlatformService):
try:
if not ipautil.dir_exists(srv_tgt):
- os.mkdir(srv_tgt)
+ os.mkdir(srv_tgt, 0755)
if os.path.exists(srv_lnk):
# Remove old link
os.unlink(srv_lnk)
diff --git a/ipaserver/install/cainstance.py b/ipaserver/install/cainstance.py
index c20bf39c12cff0777d90efad2b0d8d136ee37ec9..d9bf4f31af5a922dd6f977a5011f50ce7cea8896 100644
--- a/ipaserver/install/cainstance.py
+++ b/ipaserver/install/cainstance.py
@@ -978,6 +978,7 @@ class CAInstance(DogtagInstance):
if not ipautil.dir_exists(self.ra_agent_db):
os.mkdir(self.ra_agent_db)
+ os.chmod(self.ra_agent_db, 0755)
# Create the password file for this db
hex_str = binascii.hexlify(os.urandom(10))
diff --git a/ipaserver/install/ipa_backup.py b/ipaserver/install/ipa_backup.py
index 3bd2ef0203c1b5b596e092987acd894491ecae26..a5a4bef0a17f641fcea565d9a79c3e6887a064a7 100644
--- a/ipaserver/install/ipa_backup.py
+++ b/ipaserver/install/ipa_backup.py
@@ -279,8 +279,8 @@ class Backup(admintool.AdminTool):
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
os.chmod(self.top_dir, 0750)
self.dir = os.path.join(self.top_dir, "ipa")
- os.mkdir(self.dir, 0750)
-
+ os.mkdir(self.dir)
+ os.chmod(self.dir, 0750)
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
self.header = os.path.join(self.top_dir, 'header')
@@ -605,7 +605,8 @@ class Backup(admintool.AdminTool):
backup_dir = os.path.join(paths.IPA_BACKUP_DIR, time.strftime('ipa-full-%Y-%m-%d-%H-%M-%S'))
filename = os.path.join(backup_dir, "ipa-full.tar")
- os.mkdir(backup_dir, 0700)
+ os.mkdir(backup_dir)
+ os.chmod(backup_dir, 0700)
cwd = os.getcwd()
os.chdir(self.dir)
diff --git a/ipaserver/install/ipa_replica_prepare.py b/ipaserver/install/ipa_replica_prepare.py
index 5246f5f5469c85571d04c99d872f38018802abaa..b9ae60e9bc9d40be5f86e312980846b2ad80f67d 100644
--- a/ipaserver/install/ipa_replica_prepare.py
+++ b/ipaserver/install/ipa_replica_prepare.py
@@ -345,7 +345,8 @@ class ReplicaPrepare(admintool.AdminTool):
self.top_dir = tempfile.mkdtemp("ipa")
self.dir = os.path.join(self.top_dir, "realm_info")
- os.mkdir(self.dir, 0700)
+ os.mkdir(self.dir)
+ os.chmod(self.dir, 0700)
try:
self.copy_ds_certificate()
diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 57d5deb1e68af6e9ceb51f4dd751b8a59d9ac513..cdc460301ad8aeb658fec18da565238a376d1c0c 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -300,8 +300,8 @@ class Restore(admintool.AdminTool):
os.chown(self.top_dir, pent.pw_uid, pent.pw_gid)
os.chmod(self.top_dir, 0750)
self.dir = os.path.join(self.top_dir, "ipa")
- os.mkdir(self.dir, 0750)
-
+ os.mkdir(self.dir)
+ os.chmod(self.dir, 0750)
os.chown(self.dir, pent.pw_uid, pent.pw_gid)
cwd = os.getcwd()
@@ -527,7 +527,8 @@ class Restore(admintool.AdminTool):
if not os.path.exists(ldifdir):
pent = pwd.getpwnam(DS_USER)
- os.mkdir(ldifdir, 0770)
+ os.mkdir(ldifdir)
+ os.chmod(ldifdir, 0770)
os.chown(ldifdir, pent.pw_uid, pent.pw_gid)
ipautil.backup_file(ldiffile)
@@ -804,7 +805,8 @@ class Restore(admintool.AdminTool):
for dir in dirs:
try:
self.log.debug('Creating %s' % dir)
- os.mkdir(dir, 0770)
+ os.mkdir(dir)
+ os.chmod(dir, 0770)
os.chown(dir, pent.pw_uid, pent.pw_gid)
tasks.restore_context(dir)
except Exception, e:
--
2.4.3