Enforced root-only permissions on cloud.providers.d.
As mentioned in issue #118, provider files may contain passwords or API keys and should be restricted. Profiles/maps are probably OK with the defaults.
This commit is contained in:
parent
f3ed6e1828
commit
f0e9c2df87
|
@ -56,9 +56,17 @@ salt-cloud-{{ dir }}:
|
||||||
- name: /etc/salt/cloud.{{ dir }}.d
|
- name: /etc/salt/cloud.{{ dir }}.d
|
||||||
- source: {{ source }}
|
- source: {{ source }}
|
||||||
- template: jinja
|
- template: jinja
|
||||||
- user: root
|
|
||||||
- group: root
|
|
||||||
- dir_mode: 755
|
|
||||||
- file_mode: 644
|
|
||||||
- makedirs: True
|
- makedirs: True
|
||||||
{%- endfor %}
|
{%- endfor %}
|
||||||
|
|
||||||
|
salt-cloud-providers-permissions:
|
||||||
|
file.directory:
|
||||||
|
- name: /etc/salt/cloud.providers.d
|
||||||
|
- user: root
|
||||||
|
- group: root
|
||||||
|
- file_mode: 600
|
||||||
|
- dir_mode: 700
|
||||||
|
- recurse:
|
||||||
|
- user
|
||||||
|
- group
|
||||||
|
- mode
|
||||||
|
|
Loading…
Reference in New Issue