s4-provision: fix permissions on generated DNS zone file

The zone file needs to be writeable by bind to allow for it to flush
its journal on dynamic updates

Pair-Programmed-With: Andrew Bartlett <abartlet@samba.org>

diff --git a/source4/scripting/python/samba/provision.py b/source4/scripting/python/samba/provision.py
index 59daa25c699b91b09f461c26857168b61343e400..b127d6cc549d865c539867d92a511ee68708f5d1 100644 (file)
--- a/source4/scripting/python/samba/provision.py
+++ b/source4/scripting/python/samba/provision.py
@@ -1525,15 +1525,7 @@ def create_zone_file(message, paths, setup_path, dnsdomain,
     except OSError:
         pass
 
     except OSError:
         pass
 

-    os.mkdir(dns_dir, 0770)
-    # chmod needed to cope with umask
-    os.chmod(dns_dir, 0770)
-
-    if paths.bind_gid is not None:
-        try:
-            os.chown(dns_dir, -1, paths.bind_gid)
-        except OSError:
-            message("Failed to chown %s to bind gid %u" % (dns_dir, paths.bind_gid))
+    os.mkdir(dns_dir, 0775)

 
     setup_file(setup_path("provision.zone"), paths.dns, {
             "HOSTNAME": hostname,
 
     setup_file(setup_path("provision.zone"), paths.dns, {
             "HOSTNAME": hostname,


@@ -1549,6 +1541,16 @@ def create_zone_file(message, paths, setup_path, dnsdomain,
             "HOSTIP6_HOST_LINE": hostip6_host_line,
         })
 
             "HOSTIP6_HOST_LINE": hostip6_host_line,
         })
 

+    if paths.bind_gid is not None:
+        try:
+            os.chown(dns_dir, -1, paths.bind_gid)
+            os.chown(paths.dns, -1, paths.bind_gid)
+            # chmod needed to cope with umask
+            os.chmod(dns_dir, 0775)
+            os.chmod(paths.dns, 0664)
+        except OSError:
+            message("Failed to chown %s to bind gid %u" % (dns_dir, paths.bind_gid))
+

 
 def create_named_conf(paths, setup_path, realm, dnsdomain,
                       private_dir):
 
 def create_named_conf(paths, setup_path, realm, dnsdomain,
                       private_dir):