]> git.apps.os.sepia.ceph.com Git - ceph-ansible.git/commitdiff
projects / ceph-ansible.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 1cc9666)
iscsi: fix ownership on iscsi-gateway.cfg
authorGuillaume Abrioux <gabrioux@redhat.com>
Wed, 21 Oct 2020 12:26:57 +0000 (14:26 +0200)
committerGuillaume Abrioux <gabrioux@redhat.com>
Wed, 21 Oct 2020 14:10:48 +0000 (16:10 +0200)
This file is currently deployed with '0644' ownership making this file
readable by any user on the system.
Since it contains sensitive information it should be readable by the
owner only.

Closes: https://bugzilla.redhat.com/show_bug.cgi?id=1890119
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
roles/ceph-iscsi-gw/tasks/common.yml patch | blob | history

diff --git a/roles/ceph-iscsi-gw/tasks/common.yml b/roles/ceph-iscsi-gw/tasks/common.yml
index 70ad0bfb864b3efd932a1f314fc9768bccad584d..a7de4623c1d462852d70f7b620339a2e30c62b40 100644 (file)
--- a/roles/ceph-iscsi-gw/tasks/common.yml
+++ b/roles/ceph-iscsi-gw/tasks/common.yml
@@ -44,6 +44,7 @@
     dest: /etc/ceph/iscsi-gateway.cfg
     config_type: ini
     config_overrides: '{{ iscsi_conf_overrides }}'
+    mode: "0600"
   notify: restart ceph rbd-target-api-gw
 
 - name: set_fact container_exec_cmd
Unnamed repository; edit this file 'description' to name the repository.