From 95f41c104d28f0ad49d7971eccd95796e848fc68 Mon Sep 17 00:00:00 2001
From: Kyr Shatskyy <kyrylo.shatskyy@gmail.com>
Date: Wed, 6 Mar 2019 19:25:52 +0100
Subject: [PATCH] nameserver: ensure named directories have right owner and
 permissions

Signed-off-by: Kyr Shatskyy <kyrylo.shatskyy@gmail.com>
---
 roles/nameserver/tasks/config.yml | 2 ++
 roles/nameserver/tasks/main.yml   | 6 ++++--
 2 files changed, 6 insertions(+), 2 deletions(-)

diff --git a/roles/nameserver/tasks/config.yml b/roles/nameserver/tasks/config.yml
index c1305393..bfbd2cb3 100644
--- a/roles/nameserver/tasks/config.yml
+++ b/roles/nameserver/tasks/config.yml
@@ -3,6 +3,8 @@
   file:
     path: "{{ named_conf_data_dir }}"
     state: directory
+    owner: named
+    group: named
 
 - name: Create named.conf
   template:
diff --git a/roles/nameserver/tasks/main.yml b/roles/nameserver/tasks/main.yml
index c35dd0c8..dbd83f34 100644
--- a/roles/nameserver/tasks/main.yml
+++ b/roles/nameserver/tasks/main.yml
@@ -19,9 +19,11 @@
     - always
 
 # DDNS updates fail to create or edit jnl files without this
-- name: Ensure permissions set for /var/named/zones
+- name: Ensure permissions set for "{{ named_conf_zones_path }}"
   file:
-    path: /var/named/zones
+    path: "{{ named_conf_zones_path }}"
+    mode: '0700'
+    state: directory
     owner: named
     group: named
   tags:
-- 
2.47.3