From ed7ece9a6404fea1a39a33c1ad0cda42a174979b Mon Sep 17 00:00:00 2001 From: Kienan Stewart Date: Mon, 12 Feb 2024 10:49:47 -0500 Subject: [PATCH] ansible: restrict mode on internal certificate private key to user Samba asserts that the mode is 0600, not 0640. Change-Id: If6ca4dba54726c29caba18575f9c0796d14a6b79 Signed-off-by: Kienan Stewart --- automation/ansible/roles/common/tasks/certs.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/automation/ansible/roles/common/tasks/certs.yml b/automation/ansible/roles/common/tasks/certs.yml index eeb1bfa..fc79947 100644 --- a/automation/ansible/roles/common/tasks/certs.yml +++ b/automation/ansible/roles/common/tasks/certs.yml @@ -10,7 +10,7 @@ - name: Deploy internal certificate key ansible.builtin.copy: dest: "{{common_certificate_key_path_prefix}}/internal.efficios.com.key" - mode: '0640' + mode: '0600' owner: 'root' group: 'root' content: "{{lookup('community.general.bitwarden', 'TLS Certificate internal.efficios.com', collection_id='35c5d8b1-2520-4450-a479-aef50131b930')[0]['notes'] }}" -- 2.34.1