dynconfig: Change permission of the private dir to 0700

BUG: https://bugzilla.samba.org/show_bug.cgi?id=12957

Signed-off-by: Andreas Schneider <asn@samba.org>
Reviewed-by: Andrew Bartlet <abartlet@samba.org>

diff --git a/dynconfig/wscript b/dynconfig/wscript
index 7e9bde929d0743f7368f505a7a4bf5408af35965..ba0c896b90e8eef288bcbe570e3984f84fbba23b 100644 (file)
--- a/dynconfig/wscript
+++ b/dynconfig/wscript
@@ -418,7 +418,7 @@ def build(bld):
     bld.INSTALL_DIR("${CONFIGDIR}")
     bld.INSTALL_DIR("${LOGFILEBASE}")
     bld.INSTALL_DIR("${PRIVILEGED_SOCKET_DIR}")
-    bld.INSTALL_DIR("${PRIVATE_DIR}")
+    bld.INSTALL_DIR("${PRIVATE_DIR}", 0o700)
     bld.INSTALL_DIR("${STATEDIR}")
     bld.INSTALL_DIR("${CACHEDIR}")
 

diff --git a/python/samba/provision/__init__.py b/python/samba/provision/__init__.py
index 2387931987e251861cf23cb89896eed06a1bd3d2..91d2105929c246c0f2000307a1c9582f92fb9eb7 100644 (file)
--- a/python/samba/provision/__init__.py
+++ b/python/samba/provision/__init__.py
@@ -2065,7 +2065,7 @@ def provision(logger, session_info, smbconf=None,
         serverrole = lp.get("server role")
 
     if not os.path.exists(paths.private_dir):
-        os.mkdir(paths.private_dir)
+        os.mkdir(paths.private_dir, 0o700)
     if not os.path.exists(os.path.join(paths.private_dir, "tls")):
         os.makedirs(os.path.join(paths.private_dir, "tls"), 0700)
     if not os.path.exists(paths.state_dir):