From 7aae209ba77a09de7cb09792d6ac16bb80683a2f Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 9 Dec 2015 12:12:22 +0100
Subject: [PATCH] DNS: fix file permissions

With non default umask named-pkcs11 cannot access the softhsm token storage

https://fedorahosted.org/freeipa/ticket/5520

Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
 ipaserver/install/dnskeysyncinstance.py | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 7d1351ccc57a5dbd7d537741545ad44d0dcd5eb1..590343c4e97fc882f296ac1aa69e43de9d35ed65 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -200,7 +200,9 @@ class DNSKeySyncInstance(service.Service):
         # create dnssec directory
         if not os.path.exists(paths.IPA_DNSSEC_DIR):
             self.logger.debug("Creating %s directory", paths.IPA_DNSSEC_DIR)
-            os.mkdir(paths.IPA_DNSSEC_DIR, 0770)
+            os.mkdir(paths.IPA_DNSSEC_DIR)
+            os.chmod(paths.IPA_DNSSEC_DIR, 0770)
+
             # chown ods:named
             os.chown(paths.IPA_DNSSEC_DIR, self.ods_uid, self.named_gid)
 
@@ -217,6 +219,7 @@ class DNSKeySyncInstance(service.Service):
         named_fd.truncate(0)
         named_fd.write(softhsm_conf_txt)
         named_fd.close()
+        os.chmod(paths.DNSSEC_SOFTHSM2_CONF, 0644)
 
         # setting up named to use softhsm2
         if not self.fstore.has_file(paths.SYSCONFIG_NAMED):
-- 
2.4.3