author | Micah Anderson <micah@riseup.net> | 2013-01-31 18:13:25 -0500 |
---|---|---|
committer | Micah Anderson <micah@riseup.net> | 2013-01-31 18:13:25 -0500 |
commit | b0a80e7f0dac8abdca32d057452ace7557c9ec67 (patch) | |
tree | bdf14166759bd6bc6107f1300964eaed37abc104 | |
parent | d7a252b77db843e800ed9fc92a56d5214f432026 (diff) |
change permissions on key directory to allow for non-root applications access to
key files, if the application is in both the 'ssl-cert' group as well as its own
group (eg. 'imapd')
In this configuration you would override the key class to change the owner of
the installed key to be the group of the service (ie. 'imapd') and then the
application can read the key file.
This adjusts this module to adhere to the changes on http://wiki.debian.org/X.509
-rw-r--r-- | manifests/base.pp | 2 | ||||
-rw-r--r-- | manifests/key.pp | 2 |
2 files changed, 2 insertions, 2 deletions
diff --git a/manifests/base.pp b/manifests/base.pp
index 59d9259..b88cce6 100644
--- a/manifests/base.pp
+++ b/manifests/base.pp
@@ -20,7 +20,7 @@ class x509::base {
 $x509::variables::keys:
 ensure => directory,
- mode => '0700',
+ mode => '0750',
 owner => root,
 group => ssl-cert;
diff --git a/manifests/key.pp b/manifests/key.pp
index 5060793..79031f5 100644
--- a/manifests/key.pp
+++ b/manifests/key.pp
@@ -7,7 +7,7 @@ define x509::key (
 file { "${x509::variables::keys}/${name}.key":
 ensure => file,
- mode => '0600',
+ mode => '0640',
 group => 'ssl-cert',
 require => Package['ssl-cert']
 }
|
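Review bot: In manifests/base.pp, `mode => '0750'` gives members of ssl-cert read access to the key directory, so they can list the name of every key file, while the use case in the commit message only needs a service to open a key whose path it already knows. Search-only access for the group would cover that: `mode => '0710',`. I believe that is also the mode Debian's ssl-cert package uses for /etc/ssl/private, but this should be confirmed against the wiki page the message cites. The enclosing file resource starts outside the hunk.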
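Review bot: In manifests/key.pp the group stays the literal `'ssl-cert'` while the mode widens to 0640, so as written every account in ssl-cert can read every key this define installs, not only the key of its own service. The commit message expects callers to override the group per service; making it a parameter of the define, e.g. `group => $group,` with `$group = 'ssl-cert'` as the default in the parameter list (which is outside this hunk), would make the narrower setup the easy path. The resource also sets no `owner`, so ownership depends on a default declared elsewhere; `owner => 'root',` would pin it.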