Secure files permission

2026-02-26 09:12:09 +07:00 · 2016-11-25 11:33:20 +01:00
parent 5b0977567c
commit 8ccc9f521f
4 changed files with 13 additions and 4 deletions
--- a/tasks/prepare.yml
+++ b/tasks/prepare.yml
@@ -19,6 +19,6 @@
    nginx_modules: "{{ shell_modules.stdout_lines }}"

 - name: FILE | Create folders
-  file: dest={{ item }} owner=root mode=0755 state=directory
+  file: dest="{{ item.dir }}" owner="{{ item.owner }}" mode="{{ item.mode }}" state=directory
  with_items: "{{ nginx_dirs }}"

--- a/tasks/ssl.yml
+++ b/tasks/ssl.yml
@@ -25,6 +25,7 @@
  copy: >
    content="{{ item.key }}"
    dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.key' if item.dest_key is not defined else item.dest_key }}"
+    mode=0640
  with_items: "{{ nginx_ssl_pairs }}"
  when: item.key is defined
  notify: reload nginx
@@ -34,6 +35,7 @@
  copy: >
    content="{{ item.cert }}"
    dest="{{ nginx_ssl_dir + '/' + item.name + '/' + item.name + '.crt' if item.dest_cert is not defined else item.dest_cert }}"
+    mode=0644
  with_items: "{{ nginx_ssl_pairs }}"
  when: item.cert is defined
  notify: reload nginx