From 1396a9ebeb26fd3fa0635dbc6c51537d23c14fd9 Mon Sep 17 00:00:00 2001
From: Micah Anderson <micah@riseup.net>
Date: Mon, 25 Feb 2013 14:59:10 -0500
Subject: set the owner/group and mode of the chroot directory properly

"It is important to ensure that <jail_dir> is both empty and unwritable to
anyone."

reference: http://cbonte.github.com/haproxy-dconv/configuration-1.4.html#3-chroot
---
 manifests/init.pp | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index a0c191d..7815769 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -113,7 +113,11 @@ class haproxy (
     }
 
     file { $global_options['chroot']:
-      ensure => directory,
+      ensure  => directory,
+      owner   => $global_options['user'],
+      group   => $global_options['group'],
+      mode    => '0550',
+      require => Package['haproxy']
     }
 
   }
-- 
cgit v1.2.3