summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorJan Dittberner <jandd@cacert.org>2020-06-06 12:43:14 +0200
committerJan Dittberner <jandd@cacert.org>2020-06-06 12:43:14 +0200
commit2c55b9f46ad0ca4b7c96b6b4692c4de47da6cfc6 (patch)
treeff427a87990935a52a7324316a1a64fa45095823
parent535bab98e2815e4a365883f032656705e96b7be4 (diff)
downloadcacert-puppet-2c55b9f46ad0ca4b7c96b6b4692c4de47da6cfc6.tar.gz
cacert-puppet-2c55b9f46ad0ca4b7c96b6b4692c4de47da6cfc6.tar.xz
cacert-puppet-2c55b9f46ad0ca4b7c96b6b4692c4de47da6cfc6.zip
Adapt permissions on /etc/ssl/private
This change adapts the ownership and permissions on /etc/ssl/private to the defaults that are set by Debian's ssl-cert package.
-rw-r--r--sitemodules/profiles/manifests/x509cert_common.pp4
1 files changed, 2 insertions, 2 deletions
diff --git a/sitemodules/profiles/manifests/x509cert_common.pp b/sitemodules/profiles/manifests/x509cert_common.pp
index dfa4b92..bdc1a33 100644
--- a/sitemodules/profiles/manifests/x509cert_common.pp
+++ b/sitemodules/profiles/manifests/x509cert_common.pp
@@ -44,8 +44,8 @@ class profiles::x509cert_common (
file { '/etc/ssl/private':
ensure => directory,
owner => 'root',
- group => 'root',
- mode => '0750',
+ group => 'ssl-cert',
+ mode => '0710',
}
$certificates.each |String $name, Data $cert_info| {