authorMicah Anderson <micah@riseup.net>2013-01-31 18:13:25 -0500
committerMicah Anderson <micah@riseup.net>2013-01-31 18:13:25 -0500
commitb0a80e7f0dac8abdca32d057452ace7557c9ec67 (patch)
treebdf14166759bd6bc6107f1300964eaed37abc104
parentd7a252b77db843e800ed9fc92a56d5214f432026 (diff)
change permissions on key directory to allow for non-root applications access to
key files, if the application is in both the 'ssl-cert' group as well as its own group (e.g. 'imapd'). In this configuration you would override the key class to change the owner of the installed key to be the group of the service (i.e. 'imapd'), and then the application can read the key file. This adjusts this module to adhere to the changes on http://wiki.debian.org/X.509
-rw-r--r--manifests/base.pp2
-rw-r--r--manifests/key.pp2
2 files changed, 2 insertions, 2 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 59d9259..b88cce6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -20,7 +20,7 @@ class x509::base {
$x509::variables::keys:
ensure => directory,
- mode => '0700',
+ mode => '0750',
owner => root,
group => ssl-cert;
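Review bot: Mode `0750` on the key directory gives `ssl-cert` members read as well as search permission, so any of them can list the names of every key stored there, while the use case in the commit message only needs a service to open its own key at a known path. `mode => '0710'` (search only for the group) would cover that and keep the directory listing limited to root. As far as I recall that is also the mode Debian uses for /etc/ssl/private, which is worth confirming against the wiki page the commit cites. The enclosing resource declaration begins outside the hunk.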
diff --git a/manifests/key.pp b/manifests/key.pp
index 5060793..79031f5 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -7,7 +7,7 @@ define x509::key (
file { "${x509::variables::keys}/${name}.key":
ensure => file,
- mode => '0600',
+ mode => '0640',
group => 'ssl-cert',
require => Package['ssl-cert']
}
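Review bot: With `mode => '0640'` and the hard-coded `group => 'ssl-cert'`, every key installed through `x509::key` is by default readable by every account in `ssl-cert`, not only by the service that uses it. The commit message relies on each caller overriding the group to the service's own group, but nothing visible here enforces or documents that. If the define does not already take one, a `$group = 'ssl-cert'` parameter used as `group => $group` would make per-service scoping an ordinary argument instead of a resource override. No `owner` is visible in the resource, so adding `owner => root` would pin ownership explicitly now that the group bit matters. The define's parameter list is outside the hunk, so such a parameter may already exist.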