Explicit permissions for all cert files

Luke Cyca 11 years ago
parent
commit 4bc4cebf41
1 changed file with 5 additions and 2 deletions
  1. roles/common/tasks/ssl.yml (+5, -2)

roles/common/tasks/ssl.yml

@@ -2,15 +2,18 @@
2 2
   copy: src=wildcard_private.key dest=/etc/ssl/private/wildcard_private.key group=ssl-cert owner=root mode=640
3 3
 
4 4
 - name: Copy SSL public certificate into place
5
-  copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root
5
+  copy: src=wildcard_public_cert.crt dest=/etc/ssl/certs/wildcard_public_cert.crt group=root owner=root mode=644
6 6
 
7 7
 - name: Copy CA combined certificate into place
8
-  copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root
8
+  copy: src=wildcard_ca.pem dest=/etc/ssl/certs/wildcard_ca.pem group=root owner=root mode=644
9 9
 
10 10
 - name: Create a combined version of the public cert with intermediate and root CAs
11 11
   shell: cat /etc/ssl/certs/wildcard_public_cert.crt /etc/ssl/certs/wildcard_ca.pem >
12 12
     /etc/ssl/certs/wildcard_combined.pem creates=/etc/ssl/certs/wildcard_combined.pem
13 13
 
14
+- name: Set permissions on combined public cert
15
+  file: name=/etc/ssl/certs/wildcard_combined.pem mode=644
16
+
14 17
 - name: Enable Apache SSL module
15 18
   command: a2enmod ssl creates=/etc/apache2/mods-enabled/ssl.load
16 19
 
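
Review bot: The added "Set permissions on combined public cert" task pins only mode=644 and leaves owner and group unset, unlike the two copy tasks above it, so /etc/ssl/certs/wildcard_combined.pem keeps whatever ownership the shell task's `cat ... >` redirect gave it. To match the commit's stated goal of explicit permissions on all cert files, suggest `file: name=/etc/ssl/certs/wildcard_combined.pem owner=root group=root mode=644`. Separately, because the shell task is guarded by `creates=`, the combined file is not rebuilt when wildcard_public_cert.crt or wildcard_ca.pem is replaced, so a renewed certificate would leave a stale chain in place; consider regenerating it when either copy task reports a change.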
