From b576b290d3d7e165269edf36d6be27bc1441a688 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= Date: Sat, 20 Jan 2018 15:06:37 +0100 Subject: [PATCH 84/88] DESKPROFILE: Soften umask for the domain's dir MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit The default umask (0177) is way too strict, not allowing us to create the domain's dir, which has to have its mode set as 751. In order to solve this, let's soften the umask to 0026. This issue was exposed due to CAP_DAC_OVERRIDE being removed from Fedora package. Resolves: https://pagure.io/SSSD/sssd/issue/3621 Signed-off-by: Fabiano FidĂȘncio Reviewed-by: Simo Sorce --- src/providers/ipa/ipa_deskprofile_rules_util.c | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/src/providers/ipa/ipa_deskprofile_rules_util.c b/src/providers/ipa/ipa_deskprofile_rules_util.c index 01b7d0527..989f3aadd 100644 --- a/src/providers/ipa/ipa_deskprofile_rules_util.c +++ b/src/providers/ipa/ipa_deskprofile_rules_util.c @@ -229,6 +229,7 @@ ipa_deskprofile_rules_create_user_dir( char *domain; char *domain_dir; errno_t ret; + mode_t old_umask; tmp_ctx = talloc_new(NULL); if (tmp_ctx == NULL) { @@ -243,8 +244,10 @@ ipa_deskprofile_rules_create_user_dir( goto done; } - ret = sss_create_dir(IPA_DESKPROFILE_RULES_USER_DIR, domain, 0755, + old_umask = umask(0026); + ret = sss_create_dir(IPA_DESKPROFILE_RULES_USER_DIR, domain, 0751, getuid(), getgid()); + umask(old_umask); if (ret != EOK) { DEBUG(SSSDBG_CRIT_FAILURE, "Failed to create the directory \"%s/%s\" that would be used to " -- 2.14.3