s4-provision: fix permissions on generated DNS zone file
[ira/wip.git] / source4 / scripting / python / samba / provision.py
index 59daa25c699b91b09f461c26857168b61343e400..b127d6cc549d865c539867d92a511ee68708f5d1 100644 (file)
@@ -1525,15 +1525,7 @@ def create_zone_file(message, paths, setup_path, dnsdomain,
     except OSError:
         pass
 
-    os.mkdir(dns_dir, 0770)
-    # chmod needed to cope with umask
-    os.chmod(dns_dir, 0770)
-
-    if paths.bind_gid is not None:
-        try:
-            os.chown(dns_dir, -1, paths.bind_gid)
-        except OSError:
-            message("Failed to chown %s to bind gid %u" % (dns_dir, paths.bind_gid))
+    os.mkdir(dns_dir, 0775)
 
     setup_file(setup_path("provision.zone"), paths.dns, {
             "HOSTNAME": hostname,
@@ -1549,6 +1541,16 @@ def create_zone_file(message, paths, setup_path, dnsdomain,
             "HOSTIP6_HOST_LINE": hostip6_host_line,
         })
 
+    if paths.bind_gid is not None:
+        try:
+            os.chown(dns_dir, -1, paths.bind_gid)
+            os.chown(paths.dns, -1, paths.bind_gid)
+            # chmod needed to cope with umask
+            os.chmod(dns_dir, 0775)
+            os.chmod(paths.dns, 0664)
+        except OSError:
+            message("Failed to chown %s to bind gid %u" % (dns_dir, paths.bind_gid))
+
 
 def create_named_conf(paths, setup_path, realm, dnsdomain,
                       private_dir):