From e8f765dcdeed737f2e1b8af1a17c7d6f19b244a0 Mon Sep 17 00:00:00 2001 From: Christian Schwede Date: Wed, 21 Jun 2017 18:12:02 +0200 Subject: [PATCH] Tighten file permissions of dispersion.conf The dispersion.conf contains a password, and should be readable only by the swift user/group. The tool swift-dispersion-report also needs to read swift.conf, and that file has already a mode of 640 - thus it makes sense to use the same mode for this file. Change-Id: Ia6b3c807b3103983a2dd370aad95c709358f43cc --- manifests/dispersion.pp | 1 + spec/classes/swift_dispersion_spec.rb | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/manifests/dispersion.pp b/manifests/dispersion.pp index b20f21fc..97a72a89 100644 --- a/manifests/dispersion.pp +++ b/manifests/dispersion.pp @@ -89,6 +89,7 @@ class swift::dispersion ( ensure => file, owner => 'swift', group => 'swift', + mode => '0640', } swift_dispersion_config { diff --git a/spec/classes/swift_dispersion_spec.rb b/spec/classes/swift_dispersion_spec.rb index c037ea3e..ae33da03 100644 --- a/spec/classes/swift_dispersion_spec.rb +++ b/spec/classes/swift_dispersion_spec.rb @@ -31,7 +31,8 @@ describe 'swift::dispersion' do it { is_expected.to contain_file('/etc/swift/dispersion.conf').with( :ensure => 'file', :owner => 'swift', - :group => 'swift',) + :group => 'swift', + :mode => '0640',) } shared_examples 'swift::dispersion' do