Enforced root-only permissions on cloud.providers.d.
As mentioned in issue #118, provider files may contain passwords or API keys and should be restricted. Profiles/maps are probably OK with the defaults.
This commit is contained in:
parent
f3ed6e1828
commit
f0e9c2df87
|
@ -56,9 +56,17 @@ salt-cloud-{{ dir }}:
|
|||
- name: /etc/salt/cloud.{{ dir }}.d
|
||||
- source: {{ source }}
|
||||
- template: jinja
|
||||
- user: root
|
||||
- group: root
|
||||
- dir_mode: 755
|
||||
- file_mode: 644
|
||||
- makedirs: True
|
||||
{%- endfor %}
|
||||
|
||||
salt-cloud-providers-permissions:
|
||||
file.directory:
|
||||
- name: /etc/salt/cloud.providers.d
|
||||
- user: root
|
||||
- group: root
|
||||
- file_mode: 600
|
||||
- dir_mode: 700
|
||||
- recurse:
|
||||
- user
|
||||
- group
|
||||
- mode
|
||||
|
|
Loading…
Reference in New Issue