set the owner/group and mode of the chroot directory properly
authorMicah Anderson <micah@riseup.net>
Mon, 25 Feb 2013 19:59:10 +0000 (14:59 -0500)
committerMicah Anderson <micah@riseup.net>
Mon, 25 Feb 2013 19:59:10 +0000 (14:59 -0500)
"It is important to ensure that <jail_dir> is both empty and unwritable to
anyone."

reference: http://cbonte.github.com/haproxy-dconv/configuration-1.4.html#3-chroot

manifests/init.pp

index a0c191d..7815769 100644 (file)
@@ -113,7 +113,11 @@ class haproxy (
     }
 
     file { $global_options['chroot']:
-      ensure => directory,
+      ensure  => directory,
+      owner   => $global_options['user'],
+      group   => $global_options['group'],
+      mode    => '0550',
+      require => Package['haproxy']
     }
 
   }