From 780dc73f513cc312e87948b51e90ae885f29a8fb Mon Sep 17 00:00:00 2001
From: Thorsten Scherf <tscherf@redhat.com>
Date: Thu, 1 Jun 2017 22:02:57 +0200
Subject: [PATCH] Changed ownership of ldiffile to DS_USER

Resolves:
https://pagure.io/freeipa/issue/7010

Reviewed-By: Martin Basti <mbasti@redhat.com>
Reviewed-By: Stanislav Laznicka <slaznick@redhat.com>
---
 ipaserver/install/ipa_restore.py | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/ipaserver/install/ipa_restore.py b/ipaserver/install/ipa_restore.py
index 923b1d6696d33c0bb07ca018b53dd3dabcc191aa..a3824df230857b02b47c12645fadee1200afdf66 100644
--- a/ipaserver/install/ipa_restore.py
+++ b/ipaserver/install/ipa_restore.py
@@ -540,6 +540,10 @@ class Restore(admintool.AdminTool):
                 ldif_parser = RemoveRUVParser(in_file, ldif_writer, self.log)
                 ldif_parser.parse()
 
+        # Make sure the modified ldiffile is owned by DS_USER
+        pent = pwd.getpwnam(constants.DS_USER)
+        os.chown(ldiffile, pent.pw_uid, pent.pw_gid)
+
         if online:
             conn = self.get_connection()
             ent = conn.make_entry(
-- 
2.13.6