From 2b1911f17b0ed5ee5ad2384e176b84b84243802f Mon Sep 17 00:00:00 2001
From: elijah <elijah@riseup.net>
Date: Thu, 3 Sep 2015 23:24:43 -0700
Subject: make couchdb.admin.yml only readable by root, make non-admin cron run
 as webapp user.

---
 puppet/modules/site_webapp/manifests/couchdb.pp | 16 ++++++++--------
 1 file changed, 8 insertions(+), 8 deletions(-)

(limited to 'puppet/modules/site_webapp/manifests/couchdb.pp')

diff --git a/puppet/modules/site_webapp/manifests/couchdb.pp b/puppet/modules/site_webapp/manifests/couchdb.pp
index 1dbc745d..5cf7f953 100644
--- a/puppet/modules/site_webapp/manifests/couchdb.pp
+++ b/puppet/modules/site_webapp/manifests/couchdb.pp
@@ -14,29 +14,29 @@ class site_webapp::couchdb {
   file {
     '/srv/leap/webapp/config/couchdb.yml':
       content => template('site_webapp/couchdb.yml.erb'),
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => '0600',
       require => Vcsrepo['/srv/leap/webapp'];
 
     '/srv/leap/webapp/config/couchdb.admin.yml':
       content => template('site_webapp/couchdb.admin.yml.erb'),
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'root',
+      group   => 'root',
       mode    => '0600',
       require => Vcsrepo['/srv/leap/webapp'];
 
     '/srv/leap/webapp/log':
       ensure  => directory,
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => '0755',
       require => Vcsrepo['/srv/leap/webapp'];
 
     '/srv/leap/webapp/log/production.log':
       ensure  => present,
-      owner   => leap-webapp,
-      group   => leap-webapp,
+      owner   => 'leap-webapp',
+      group   => 'leap-webapp',
       mode    => '0666',
       require => Vcsrepo['/srv/leap/webapp'];
   }
-- 
cgit v1.2.3