Fix access to ldap configuration files on non-controller (workstation) systems

(cherry picked from commit b2d89e08d0)
r14.0.x r14.0.6
Timothy Pearson 6 years ago committed by Slávek Banko
parent 23d8a034c7
commit 8c6f2507b0
No known key found for this signature in database
GPG Key ID: 608F5293A04BE668

@ -2860,10 +2860,20 @@ int LDAPManager::writeLDAPConfFile(LDAPRealmConfig realmcfg, LDAPMachineRole mac
delete systemconfig;
if ((machineRole == ROLE_PRIMARY_REALM_CONTROLLER) || (machineRole == ROLE_SECONDARY_REALM_CONTROLLER)) {
// The file may contain multi-master replication secrets, therefore only root should be able to read it
if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP) < 0) {
if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
return -1;
}
}
else {
// Normal users should be allowed to read realm configuration data in order to launch realm administration utilities
if (chmod(KDE_CONFDIR "/ldap/ldapconfigrc", S_IRUSR|S_IWUSR|S_IRGRP|S_IROTH) < 0) {
if (errstr) *errstr = TQString("Unable to change permissions of \"%1\"").arg(KDE_CONFDIR "/ldap/ldapconfigrc");
return -1;
}
}
return 0;
}

Loading…
Cancel
Save