Don't make config files world readable

author: Scott Dodson <sdodson@redhat.com> 2016-02-17 14:06:56 -0500
committer: Scott Dodson <sdodson@redhat.com> 2016-02-17 14:06:56 -0500
commit: c9a2b9bf93d89916950938643bedbce841668cc2 (patch)
tree: a4db92d9c02a82070db08dbf0934451e1522c4b9 /roles/openshift_master/tasks
parent: 630bfbd5a1b7d8045fdaf1082d82eaa5b95bd316 (diff)
download: openshift-c9a2b9bf93d89916950938643bedbce841668cc2.tar.gz
openshift-c9a2b9bf93d89916950938643bedbce841668cc2.tar.bz2
openshift-c9a2b9bf93d89916950938643bedbce841668cc2.tar.xz
openshift-c9a2b9bf93d89916950938643bedbce841668cc2.zip
1 files changed, 6 insertions, 0 deletions
diff --git a/roles/openshift_master/tasks/main.yml b/roles/openshift_master/tasks/main.yml
index 23dfacf79..dd66eeebb 100644
--- a/roles/openshift_master/tasks/main.yml
+++ b/roles/openshift_master/tasks/main.yml
@@ -221,6 +221,9 @@
   template:
     dest: "{{ openshift.master.session_secrets_file }}"
     src: sessionSecretsFile.yaml.v1.j2
+    owner: root
+    group: root
+    mode: 0600
   when: openshift.master.session_auth_secrets is defined and openshift.master.session_encryption_secrets is defined
   notify:
   - restart master
@@ -235,6 +238,9 @@
     dest: "{{ openshift_master_config_file }}"
     src: master.yaml.v1.j2
     backup: true
+    owner: root
+    group: root
+    mode: 0600
   notify:
   - restart master
   - restart master api
author	Scott Dodson <sdodson@redhat.com>	2016-02-17 14:06:56 -0500
committer	Scott Dodson <sdodson@redhat.com>	2016-02-17 14:06:56 -0500
commit	c9a2b9bf93d89916950938643bedbce841668cc2 (patch)
tree	a4db92d9c02a82070db08dbf0934451e1522c4b9 /roles/openshift_master/tasks
parent	630bfbd5a1b7d8045fdaf1082d82eaa5b95bd316 (diff)
download	openshift-c9a2b9bf93d89916950938643bedbce841668cc2.tar.gz openshift-c9a2b9bf93d89916950938643bedbce841668cc2.tar.bz2 openshift-c9a2b9bf93d89916950938643bedbce841668cc2.tar.xz openshift-c9a2b9bf93d89916950938643bedbce841668cc2.zip