diff options
Diffstat (limited to 'src/lib/Bcfg2/Client/Tools/POSIX/base.py')
-rw-r--r-- | src/lib/Bcfg2/Client/Tools/POSIX/base.py | 20 |
1 files changed, 18 insertions, 2 deletions
diff --git a/src/lib/Bcfg2/Client/Tools/POSIX/base.py b/src/lib/Bcfg2/Client/Tools/POSIX/base.py index 35dc57612..3873c6d98 100644 --- a/src/lib/Bcfg2/Client/Tools/POSIX/base.py +++ b/src/lib/Bcfg2/Client/Tools/POSIX/base.py @@ -5,6 +5,7 @@ import sys import pwd import grp import stat +import copy import shutil import Bcfg2.Client.Tools import Bcfg2.Client.XML @@ -672,7 +673,8 @@ class POSIXTool(Bcfg2.Client.Tools.Tool): us, but it sets permissions according to umask, which is probably wrong. we need to find out which directories were created and set permissions on those - (http://trac.mcs.anl.gov/projects/bcfg2/ticket/1125) """ + (http://trac.mcs.anl.gov/projects/bcfg2/ticket/1125 and + http://trac.mcs.anl.gov/projects/bcfg2/ticket/1134) """ created = [] if path is None: path = entry.get("name") @@ -689,8 +691,22 @@ class POSIXTool(Bcfg2.Client.Tools.Tool): self.logger.error('POSIX: Failed to create directory %s: %s' % (path, err)) rv = False + + # we need to make sure that we give +x to everyone who needs + # it. E.g., if the file that's been distributed is 0600, we + # can't make the parent directories 0600 also; that'd be + # pretty useless. They need to be 0700. + tmpentry = copy.deepcopy(entry) + newmode = int(entry.get('mode'), 8) + for i in range(0, 3): + if newmode & (6 * pow(8, i)): + newmode |= 1 * pow(8, i) + tmpentry.set('mode', oct(newmode)) + for acl in tmpentry.findall('ACL'): + acl.set('perms', + oct(self._norm_acl_perms(acl.get('perms')) | ACL_MAP['x'])) for cpath in created: - rv &= self._set_perms(entry, path=cpath) + rv &= self._set_perms(tmpentry, path=cpath) return rv |