|
 |
95ea96 |
From 9bb9255161eef8da54842c0a6aeb1ddb0b20c0df Mon Sep 17 00:00:00 2001
|
|
|
95ea96 |
From: Christian Heimes <cheimes@redhat.com>
|
|
|
95ea96 |
Date: Fri, 22 Jun 2018 12:25:33 +0200
|
|
|
95ea96 |
Subject: [PATCH] Make /etc/httpd/alias world readable & executable
|
|
|
95ea96 |
|
|
|
95ea96 |
The directory /etc/httpd/alias contains public key material. It must be
|
|
|
95ea96 |
world readable and executable, so any client can read public certs.
|
|
|
95ea96 |
|
|
|
95ea96 |
Note: executable for a directory means, that a process is allowed to
|
|
|
95ea96 |
traverse into the directory.
|
|
|
95ea96 |
|
|
|
95ea96 |
Fixes: https://pagure.io/freeipa/issue/7594
|
|
|
95ea96 |
Signed-off-by: Christian Heimes <cheimes@redhat.com>
|
|
|
95ea96 |
Reviewed-By: Tibor Dudlak <tdudlak@redhat.com>
|
|
|
95ea96 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
95ea96 |
Reviewed-By: Rob Crittenden <rcritten@redhat.com>
|
|
|
95ea96 |
---
|
|
|
95ea96 |
ipaserver/install/httpinstance.py | 3 +++
|
|
|
95ea96 |
1 file changed, 3 insertions(+)
|
|
|
95ea96 |
|
|
|
95ea96 |
diff --git a/ipaserver/install/httpinstance.py b/ipaserver/install/httpinstance.py
|
|
|
95ea96 |
index 05b88998353597aebc39b6dad5e1a688dca84f49..3f8b18c4e8412c1767b6ad541da18d8b30ad59f7 100644
|
|
|
95ea96 |
--- a/ipaserver/install/httpinstance.py
|
|
|
95ea96 |
+++ b/ipaserver/install/httpinstance.py
|
|
|
95ea96 |
@@ -217,6 +217,9 @@ class HTTPInstance(service.Service):
|
|
|
95ea96 |
self.update_httpd_service_ipa_conf()
|
|
|
95ea96 |
self.update_httpd_wsgi_conf()
|
|
|
95ea96 |
|
|
|
95ea96 |
+ # Must be world-readable / executable
|
|
|
95ea96 |
+ os.chmod(paths.HTTPD_ALIAS_DIR, 0o755)
|
|
|
95ea96 |
+
|
|
|
95ea96 |
target_fname = paths.HTTPD_IPA_CONF
|
|
|
95ea96 |
http_txt = ipautil.template_file(
|
|
|
95ea96 |
os.path.join(paths.USR_SHARE_IPA_DIR, "ipa.conf"), self.sub_dict)
|
|
|
95ea96 |
--
|
|
|
95ea96 |
2.17.1
|
|
|
95ea96 |
|