From 8ba1a1e89b34e587a9898a85f1c545dbd1c7765a Mon Sep 17 00:00:00 2001 From: Christian Heimes Date: Fri, 22 Jun 2018 12:22:06 +0200 Subject: [PATCH] Always make ipa.p11-kit world-readable Ensure that ipa.p11-kit is always world-readable. Fixes: https://pagure.io/freeipa/issue/7594 Signed-off-by: Christian Heimes Reviewed-By: Tibor Dudlak Reviewed-By: Rob Crittenden Reviewed-By: Rob Crittenden --- ipaplatform/redhat/tasks.py | 1 + 1 file changed, 1 insertion(+) diff --git a/ipaplatform/redhat/tasks.py b/ipaplatform/redhat/tasks.py index 6a4270defc9f444f76677bdf08d2a680649664bb..8fc8b54c146d540c988d97b7fb0927fced7c3e29 100644 --- a/ipaplatform/redhat/tasks.py +++ b/ipaplatform/redhat/tasks.py @@ -269,6 +269,7 @@ class RedHatTaskNamespace(BaseTaskNamespace): try: f = open(new_cacert_path, 'w') + os.fchmod(f.fileno(), 0o644) except IOError as e: logger.info("Failed to open %s: %s", new_cacert_path, e) return False -- 2.17.1