From 7aae209ba77a09de7cb09792d6ac16bb80683a2f Mon Sep 17 00:00:00 2001
From: Martin Basti <mbasti@redhat.com>
Date: Wed, 9 Dec 2015 12:12:22 +0100
Subject: [PATCH] DNS: fix file permissions
With non default umask named-pkcs11 cannot access the softhsm token storage
https://fedorahosted.org/freeipa/ticket/5520
Reviewed-By: Tomas Babej <tbabej@redhat.com>
---
ipaserver/install/dnskeysyncinstance.py | 5 ++++-
1 file changed, 4 insertions(+), 1 deletion(-)
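diff --git a/ipaserver/install/dnskeysyncinstance.py b/ipaserver/install/dnskeysyncinstance.py
index 7d1351ccc57a5dbd7d537741545ad44d0dcd5eb1..590343c4e97fc882f296ac1aa69e43de9d35ed65 100644
--- a/ipaserver/install/dnskeysyncinstance.py
+++ b/ipaserver/install/dnskeysyncinstance.py
@@ -200,7 +200,9 @@ class DNSKeySyncInstance(service.Service):
 # create dnssec directory
 if not os.path.exists(paths.IPA_DNSSEC_DIR):
 self.logger.debug("Creating %s directory", paths.IPA_DNSSEC_DIR)
- os.mkdir(paths.IPA_DNSSEC_DIR, 0770)
+ os.mkdir(paths.IPA_DNSSEC_DIR)
+ os.chmod(paths.IPA_DNSSEC_DIR, 0770)
+
 # chown ods:named
 os.chown(paths.IPA_DNSSEC_DIR, self.ods_uid, self.named_gid)
 
@@ -217,6 +219,7 @@ class DNSKeySyncInstance(service.Service):
 named_fd.truncate(0)
 named_fd.write(softhsm_conf_txt)
 named_fd.close()
+ os.chmod(paths.DNSSEC_SOFTHSM2_CONF, 0644)
 
 # setting up named to use softhsm2
 if not self.fstore.has_file(paths.SYSCONFIG_NAMED):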
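Review bot: In the first hunk, `os.mkdir(paths.IPA_DNSSEC_DIR)` now creates the directory with the default mode, so until the following `os.chmod` runs its permissions are whatever the process umask leaves, which under a permissive umask is wider than the intended 0770. Creating it restrictively and then widening, `os.mkdir(paths.IPA_DNSSEC_DIR, 0700)` followed by the existing `os.chmod(paths.IPA_DNSSEC_DIR, 0770)`, keeps the interim mode no broader than the final one. The enclosing method starts and ends outside the hunk and the indentation is not visible on this page, so it cannot be confirmed whether the chmod and chown also run when the directory already exists. If they sit inside the `if not os.path.exists(...)` branch, a directory left with wrong permissions by an earlier install would not be repaired on re-run.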
--
2.4.3