Alon Bar-Lev has uploaded a new change for review. Change subject: pki: set ownership of apache key to root ......................................................................
pki: set ownership of apache key to root Apache reads the keys before dropping privileges, correct permissions are read by root. Change-Id: I7f3ab38f6e3f4e03244878877d4bab0fd72bc3c4 Signed-off-by: Alon Bar-Lev <[email protected]> --- M packaging/fedora/setup/engine-setup.py M packaging/fedora/setup/engine-upgrade.py 2 files changed, 5 insertions(+), 4 deletions(-) git pull ssh://gerrit.ovirt.org:29418/ovirt-engine refs/changes/66/15266/1 diff --git a/packaging/fedora/setup/engine-setup.py b/packaging/fedora/setup/engine-setup.py index 57a4f0b..1b8f630 100755 --- a/packaging/fedora/setup/engine-setup.py +++ b/packaging/fedora/setup/engine-setup.py @@ -913,9 +913,10 @@ logging.debug("changing file permissions for %s to 0640" % item) os.chmod(item, 0640) - os.chown(basedefs.FILE_APACHE_KEYSTORE, utils.getUsernameId("apache"), utils.getGroupId("apache")) + # Update keystore permissions + os.chown(basedefs.FILE_APACHE_KEYSTORE, utils.getUsernameId("root"), utils.getGroupId("root")) os.chmod(basedefs.FILE_APACHE_KEYSTORE, 0640) - os.chown(basedefs.FILE_APACHE_PRIVATE_KEY, utils.getUsernameId("apache"), utils.getGroupId("apache")) + os.chown(basedefs.FILE_APACHE_PRIVATE_KEY, utils.getUsernameId("root"), utils.getGroupId("root")) os.chmod(basedefs.FILE_APACHE_PRIVATE_KEY, 0640) def _updateCaCrtTemplate(): diff --git a/packaging/fedora/setup/engine-upgrade.py b/packaging/fedora/setup/engine-upgrade.py index d146b7a..1dbb814 100755 --- a/packaging/fedora/setup/engine-upgrade.py +++ b/packaging/fedora/setup/engine-upgrade.py @@ -527,8 +527,8 @@ utils.copyFile( src, dst, - utils.getUsernameId("apache"), - utils.getGroupId("apache"), + utils.getUsernameId("root"), + utils.getGroupId("root"), 0640 ) except OSError: -- To view, visit http://gerrit.ovirt.org/15266 To unsubscribe, visit http://gerrit.ovirt.org/settings Gerrit-MessageType: newchange Gerrit-Change-Id: I7f3ab38f6e3f4e03244878877d4bab0fd72bc3c4 Gerrit-PatchSet: 1 Gerrit-Project: ovirt-engine Gerrit-Branch: engine_3.2 Gerrit-Owner: Alon Bar-Lev <[email protected]> _______________________________________________ Engine-patches mailing list [email protected] http://lists.ovirt.org/mailman/listinfo/engine-patches
