From 1d78addd24a7d4d5d2d6f80cdab9b67c3b623a82 Mon Sep 17 00:00:00 2001
From: Jeremy Stanley
Date: Mon, 23 May 2016 15:36:35 +0000
Subject: [PATCH] Update group owner and perms for certs/keys

The ssl-cert group which normally owns files under /etc/ssl is created by a dependency of the apache module, but we need to create files there before that service is started. Break the cycle by just relying on the root group instead. Also update permission modes on these files to reflect sensible systems administration practices (read/write by root, readable by everyone except for the key file which is inaccessible for others).

Change-Id: Ia76a344e5b4d3d7acdf0980ed7f951f8d5199052
---
 manifests/cert.pp | 12 ++++++------
 1 file changed, 6 insertions(+), 6 deletions(-)

diff --git a/manifests/cert.pp b/manifests/cert.pp
index 27e5f2e..0379723 100644
--- a/manifests/cert.pp
+++ b/manifests/cert.pp
@@ -33,8 +33,8 @@ class storyboard::cert (
 if $ssl_cert_content != undef {
 file { $ssl_cert:
 owner => 'root',
- group => 'ssl-cert',
- mode => '0640',
+ group => 'root',
+ mode => '0644',
 content => $ssl_cert_content,
 before => Class['storyboard::application'],
 notify => Class['storyboard::application'],
@@ -44,8 +44,8 @@ class storyboard::cert (
 if $ssl_key_content != undef {
 file { $ssl_key:
 owner => 'root',
- group => 'ssl-cert',
- mode => '0640',
+ group => 'root',
+ mode => '0600',
 content => $ssl_key_content,
 before => Class['storyboard::application'],
 notify => Class['storyboard::application'],
@@ -63,8 +63,8 @@ class storyboard::cert (
 if $ssl_ca_content != undef {
 file { $resolved_ssl_ca:
 owner => 'root',
- group => 'ssl-cert',
- mode => '0640',
+ group => 'root',
+ mode => '0644',
 content => $ssl_ca_content,
 before => Class['storyboard::application'],
 notify => Class['storyboard::application'],
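Review bot: The new `group => 'root'` line in the `$ssl_cert` resource, and the same line in the `$ssl_key` and `$resolved_ssl_ca` resources in the two later hunks, has no comment saying why the usual `ssl-cert` group is avoided. The reason is given only in the commit message, so a later cleanup could switch the group back and reintroduce the ordering cycle. I would add once above the first resource `# root group on purpose: ssl-cert is created by a dependency of the apache module, which has not been applied yet when these files are written`. The class body starts and ends outside these hunks.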
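Review bot: The `$ssl_key` resource in the second hunk still passes the private key through `content =>`, so tightening the mode to `0600` does not keep the key out of Puppet's diff output in agent logs and reports when the file changes and the agent has `show_diff` enabled. Adding `show_diff => false,` to this resource keeps the key material out of that output regardless of the agent setting. Separately, with `root`/`0600` any consumer that read the key through `ssl-cert` group membership loses access. Presumably only the web server, which opens the key as root at startup, needs it, but that is worth confirming before merge.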