Enforced root-only permissions on cloud.providers.d.

As mentioned in issue #118, provider files may contain passwords
or API keys and should be restricted. Profiles/maps are probably
OK with the defaults.
This commit is contained in:
Andrew Vant 2015-04-06 11:24:41 -04:00
parent f3ed6e1828
commit f0e9c2df87
1 changed files with 12 additions and 4 deletions

View File

@ -56,9 +56,17 @@ salt-cloud-{{ dir }}:
- name: /etc/salt/cloud.{{ dir }}.d - name: /etc/salt/cloud.{{ dir }}.d
- source: {{ source }} - source: {{ source }}
- template: jinja - template: jinja
- user: root
- group: root
- dir_mode: 755
- file_mode: 644
- makedirs: True - makedirs: True
{%- endfor %} {%- endfor %}
salt-cloud-providers-permissions:
file.directory:
- name: /etc/salt/cloud.providers.d
- user: root
- group: root
- file_mode: 600
- dir_mode: 700
- recurse:
- user
- group
- mode