with open(SAML2_CONFFILE, 'w+') as f:
f.write(hunk)
- pw = pwd.getpwnam(args['httpd_user'])
- for root, dirs, files in os.walk(SAML2_HTTPDIR):
- for name in dirs:
- target = os.path.join(root, name)
- os.chown(target, pw.pw_uid, pw.pw_gid)
- os.chmod(target, 0700)
- for name in files:
- target = os.path.join(root, name)
- os.chown(target, pw.pw_uid, pw.pw_gid)
- os.chmod(target, 0600)
+ files.fix_user_dirs(SAML2_HTTPDIR, args['httpd_user'])
logger.info('SAML Service Provider configured.')
logger.info('You should be able to restart the HTTPD server and' +
from ipsilon.providers.saml2.provider import IdentityProvider
from ipsilon.tools.certs import Certificate
from ipsilon.tools import saml2metadata as metadata
+from ipsilon.tools import files
from ipsilon.util.user import UserSession
from ipsilon.util.plugin import PluginObject
import cherrypy
import lasso
-import pwd
import os
po.save_plugin_config(FACILITY)
# Fixup permissions so only the ipsilon user can read these files
- pw = pwd.getpwnam(opts['system_user'])
- for root, dirs, files in os.walk(path):
- for name in dirs:
- target = os.path.join(root, name)
- os.chown(target, pw.pw_uid, pw.pw_gid)
- os.chmod(target, 0700)
- for name in files:
- target = os.path.join(root, name)
- os.chown(target, pw.pw_uid, pw.pw_gid)
- os.chmod(target, 0600)
+ files.fix_user_dirs(path, opts['system_user'])
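Review bot: The permissions are tightened only after the files under `path` already exist, as the comment above this call implies, so until `files.fix_user_dirs(path, opts['system_user'])` runs they carry whatever mode the process umask gave them. The code that creates those files is outside this hunk; if it does not already restrict the umask, a line such as `os.umask(0077)` before they are generated would keep anything sensitive from being readable by other local accounts during that window. The same ordering applies to the `files.fix_user_dirs(SAML2_HTTPDIR, args['httpd_user'])` call in the first hunk.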
--- /dev/null
+#!/usr/bin/python
+#
+# Copyright (C) 2014 Simo Sorce <simo@redhat.com>
+#
+# see file 'COPYING' for use and warranty information
+#
+# This program is free software; you can redistribute it and/or modify
+# it under the terms of the GNU General Public License as published by
+# the Free Software Foundation, either version 3 of the License, or
+# (at your option) any later version.
+#
+# This program is distributed in the hope that it will be useful,
+# but WITHOUT ANY WARRANTY; without even the implied warranty of
+# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
+# GNU General Public License for more details.
+#
+# You should have received a copy of the GNU General Public License
+# along with this program. If not, see <http://www.gnu.org/licenses/>.
+
+import os
+import pwd
+
+
+def fix_user_dirs(path, user=None, mode=0700):
+ pw = None
+ if user:
+ pw = pwd.getpwnam(user)
+ for t in os.walk(path, topdown=False):
+ root, files = t[0], t[2]
+ for name in files:
+ target = os.path.join(root, name)
+ if pw:
+ os.chown(target, pw.pw_uid, pw.pw_gid)
+ os.chmod(target, mode & 0666)
+ if pw:
+ os.chown(root, pw.pw_uid, pw.pw_gid)
+ os.chmod(root, mode)
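Review bot: `os.chown(target, ...)` and `os.chmod(target, mode & 0666)` in the `for name in files` loop follow symbolic links, and `os.walk` reports a symlink to a file in `files`, so a link inside the tree redirects the ownership and mode change to whatever it points at. Both call sites hand the tree to a service account (`args['httpd_user']`, `opts['system_user']`), and the installer presumably runs with enough privilege to chown, so a later run walks a tree that account can write to. Skipping links before touching the entry closes that: `if os.path.islink(target): continue` as the first statement after `target = os.path.join(root, name)`. The function also has no docstring; one sentence stating that directories get `mode`, files get `mode` with the execute bits masked off, and ownership changes only when `user` is given would document the contract.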