diff options
| author | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-11-14 11:47:14 -0500 |
|---|---|---|
| committer | Chris St. Pierre <chris.a.st.pierre@gmail.com> | 2012-11-14 11:57:06 -0500 |
| commit | 41f8803559f4d2b9d2df005464c9ad199431f9a6 (patch) | |
| tree | 5cccea1e3272f29b38eef5860b9025c79f58fe5a /src | |
| parent | 244b31c8a740ee7b1f021bfc03002f1ec572000e (diff) | |
| download | bcfg2-41f8803559f4d2b9d2df005464c9ad199431f9a6.tar.gz bcfg2-41f8803559f4d2b9d2df005464c9ad199431f9a6.tar.bz2 bcfg2-41f8803559f4d2b9d2df005464c9ad199431f9a6.zip | |
set default umask for server, added option to change it
Diffstat (limited to 'src')
| -rw-r--r-- | src/lib/Bcfg2/Options.py | 6 | ||||
| -rw-r--r-- | src/lib/Bcfg2/Server/BuiltinCore.py | 18 | ||||
| -rw-r--r-- | src/lib/Bcfg2/Server/CherryPyCore.py | 6 | ||||
| -rw-r--r-- | src/lib/Bcfg2/Server/Core.py | 2 |
4 files changed, 20 insertions, 12 deletions
diff --git a/src/lib/Bcfg2/Options.py b/src/lib/Bcfg2/Options.py index f3765a5ec..b418d57b0 100644 --- a/src/lib/Bcfg2/Options.py +++ b/src/lib/Bcfg2/Options.py @@ -577,6 +577,11 @@ SERVER_VCS_ROOT = \ default=None, odesc='<VCS repository root>', cf=('server', 'vcs_root')) +SERVER_UMASK = \ + Option('Server umask', + default='0077', + odesc='<Server umask>', + cf=('server', 'umask')) # database options DB_ENGINE = \ @@ -1068,6 +1073,7 @@ CLI_COMMON_OPTIONS = dict(configfile=CFILE, syslog=LOGGING_SYSLOG) DAEMON_COMMON_OPTIONS = dict(daemon=DAEMON, + umask=SERVER_UMASK, listen_all=SERVER_LISTEN_ALL, daemon_uid=SERVER_DAEMON_USER, daemon_gid=SERVER_DAEMON_GROUP) diff --git a/src/lib/Bcfg2/Server/BuiltinCore.py b/src/lib/Bcfg2/Server/BuiltinCore.py index 69fb8d0cb..63149c15e 100644 --- a/src/lib/Bcfg2/Server/BuiltinCore.py +++ b/src/lib/Bcfg2/Server/BuiltinCore.py @@ -28,17 +28,15 @@ class Core(BaseCore): #: this server core self.server = None + daemon_args = dict(uid=self.setup['daemon_uid'], + gid=self.setup['daemon_gid'], + umask=int(self.setup['umask'], 8)) if self.setup['daemon']: - #: The :class:`daemon.DaemonContext` used to drop - #: privileges, write the PID file (with :class:`PidFile`), - #: and daemonize this core. - self.context = \ - daemon.DaemonContext(uid=self.setup['daemon_uid'], - gid=self.setup['daemon_gid'], - pidfile=PIDLockFile(self.setup['daemon'])) - else: - self.context = daemon.DaemonContext(uid=self.setup['daemon_uid'], - gid=self.setup['daemon_gid']) + daemon_args['pidfile'] = PIDLockFile(self.setup['daemon']) + #: The :class:`daemon.DaemonContext` used to drop + #: privileges, write the PID file (with :class:`PidFile`), + #: and daemonize this core. + self.context = daemon.DaemonContext(**daemon_args) __init__.__doc__ = BaseCore.__init__.__doc__.split('.. -----')[0] def _dispatch(self, method, args, dispatch_dict): diff --git a/src/lib/Bcfg2/Server/CherryPyCore.py b/src/lib/Bcfg2/Server/CherryPyCore.py index 4ddcd7bdf..d097fd08f 100644 --- a/src/lib/Bcfg2/Server/CherryPyCore.py +++ b/src/lib/Bcfg2/Server/CherryPyCore.py @@ -107,8 +107,10 @@ class Core(BaseCore): :class:`cherrypy.process.plugins.DropPrivileges`, daemonize with :class:`cherrypy.process.plugins.Daemonizer`, and write a PID file with :class:`cherrypy.process.plugins.PIDFile`. """ - DropPrivileges(cherrypy.engine, uid=self.setup['daemon_uid'], - gid=self.setup['daemon_gid']).subscribe() + DropPrivileges(cherrypy.engine, + uid=self.setup['daemon_uid'], + gid=self.setup['daemon_gid'], + umask=int(self.setup['umask'], 8)).subscribe() Daemonizer(cherrypy.engine).subscribe() PIDFile(cherrypy.engine, self.setup['daemon']).subscribe() return True diff --git a/src/lib/Bcfg2/Server/Core.py b/src/lib/Bcfg2/Server/Core.py index cd2aa949f..6d0ad2bb9 100644 --- a/src/lib/Bcfg2/Server/Core.py +++ b/src/lib/Bcfg2/Server/Core.py @@ -665,6 +665,8 @@ class BaseCore(object): os.chmod(piddir, 420) # 0644 if not self._daemonize(): return False + else: + os.umask(int(self.setup['umask'], 8)) if not self._run(): self.shutdown() |