Better permission handling for OpenDMARC.

Resolves #400.

roles/mailserver/tasks/dmarc.yml

@@ -37,6 +37,9 @@
 - name: Copy nightly OpenDMARC report generation script into place
   template: src=etc_opendmarc_report.sh.j2 dest=/etc/opendmarc/report.sh owner=root group=root mode="755"
 
+- name: Touch initial report dat file with correct permissions
+  file: path=/var/run/opendmarc/opendmarc.dat state=touch owner=opendmarc group=opendmarc
+
 - name: Activate OpenDMARC report cronjob
   cron: name="OpenDMARC report" hour="2" minute="0" job="/bin/bash /etc/opendmarc/report.sh >> /var/log/opendmarc_report.log"
 

roles/mailserver/templates/etc_opendmarc_report.sh.j2

@@ -8,7 +8,8 @@ WORK_DIR='/var/run/opendmarc'
 REPORT_EMAIL='{{ admin_email }}'
 
 mv ${WORK_DIR}/opendmarc.dat ${WORK_DIR}/opendmarc_import.dat -f
-cat /dev/null > ${WORK_DIR}/opendmarc.dat
+touch ${WORK_DIR}/opendmarc.dat
+chown opendmarc:opendmarc ${WORK_DIR}/opendmarc.dat
 
 /usr/sbin/opendmarc-import --dbhost=${DB_SERVER} --dbuser=${DB_USER} --dbpasswd=${DB_PASS} --dbname=${DB_NAME} --verbose < ${WORK_DIR}/opendmarc_import.dat