]> git-server-git.apps.pok.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
projects / ceph-ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: d165dc6)
iscsi: fix ownership on iscsi-gateway.cfg
authorGuillaume Abrioux <gabrioux@redhat.com>
Wed, 21 Oct 2020 12:26:57 +0000 (14:26 +0200)
committerDimitri Savineau <savineau.dimitri@gmail.com>
Wed, 21 Oct 2020 22:27:59 +0000 (18:27 -0400)
This file is currently deployed with '0644' ownership making this file
readable by any user on the system.
Since it contains sensitive information it should be readable by the
owner only.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1890119
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
(cherry picked from commit a822f773002a010ebedddcc2c8cd8f5a03dc786a)

roles/ceph-iscsi-gw/tasks/common.yml patch | blob | history

diff --git a/roles/ceph-iscsi-gw/tasks/common.yml b/roles/ceph-iscsi-gw/tasks/common.yml
index 4af9e3ca971c5a24446bdad5721e11336d43b772..e566e16df6949a2a97dc52ee17d216dc4237b82e 100644 (file)
--- a/roles/ceph-iscsi-gw/tasks/common.yml
+++ b/roles/ceph-iscsi-gw/tasks/common.yml
@@ -44,6 +44,7 @@
     dest: /etc/ceph/iscsi-gateway.cfg
     config_type: ini
     config_overrides: '{{ iscsi_conf_overrides }}'
+    mode: "0600"
   notify: restart ceph rbd-target-api-gw
 
 - name: set_fact container_exec_cmd
Unnamed repository; edit this file 'description' to name the repository.