Browse Source

Merge pull request #547 from mikeashley/lint-fixes

Add leading 0 to octal file permissions
Justin Plock 8 years ago
parent
commit
c1c0d0a6c6

+ 1
- 1
roles/common/tasks/encfs.yml View File

@@ -25,4 +25,4 @@
25 25
   when: encfs_check.rc == 0
26 26
 
27 27
 - name: Set decrypted directory permissions
28
-  file: state=directory path=/decrypted group=mail mode=775
28
+  file: state=directory path=/decrypted group=mail mode=0775

+ 7
- 7
roles/common/tasks/letsencrypt.yml View File

@@ -28,7 +28,7 @@
28 28
     dest=/etc/cron.monthly/letsencrypt-renew
29 29
     owner=root
30 30
     group=root
31
-    mode=755
31
+    mode=0755
32 32
 
33 33
 - name: Create live directory for LetsEncrypt cron job
34 34
   file: state=directory path=/etc/letsencrypt/live group=root owner=root
@@ -38,26 +38,26 @@
38 38
   when: ansible_ssh_user != "vagrant"
39 39
 
40 40
 - name: Modify permissions to allow ssl-cert group access
41
-  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=750
41
+  file: path=/etc/letsencrypt/archive owner=root group=ssl-cert mode=0750
42 42
   when: ansible_ssh_user != "vagrant"
43 43
 
44 44
 ### Several steps to install a self-signed wildcard key to support offline testing
45 45
 
46 46
 - name: Create live directory for testing keys
47 47
   file: dest=/etc/letsencrypt/live/{{ domain }} state=directory
48
-    owner=root group=root mode=755
48
+    owner=root group=root mode=0755
49 49
   when: ansible_ssh_user == "vagrant"
50 50
 
51 51
 - name: Copy SSL wildcard private key for testing
52 52
   copy: src=wildcard_private.key
53 53
     dest=/etc/letsencrypt/live/{{ domain }}/privkey.pem
54
-    owner=root group=ssl-cert mode=640
54
+    owner=root group=ssl-cert mode=0640
55 55
   when: ansible_ssh_user == "vagrant"
56 56
 
57 57
 - name: Copy SSL public certificate into place for testing
58 58
   copy: src=wildcard_public_cert.crt
59 59
     dest=/etc/letsencrypt/live/{{ domain }}/cert.pem
60
-    group=root owner=root mode=644
60
+    group=root owner=root mode=0644
61 61
   register: certificate
62 62
   notify: restart apache
63 63
   when: ansible_ssh_user == "vagrant"
@@ -65,7 +65,7 @@
65 65
 - name: Copy SSL CA combined certificate into place for testing
66 66
   copy: src=wildcard_ca.pem
67 67
     dest=/etc/letsencrypt/live/{{ domain }}/chain.pem
68
-    group=root owner=root mode=644
68
+    group=root owner=root mode=0644
69 69
   register: ca_certificate
70 70
   notify: restart apache
71 71
   when: ansible_ssh_user == "vagrant"
@@ -78,7 +78,7 @@
78 78
   when: ansible_ssh_user == "vagrant"
79 79
 
80 80
 - name: Set permissions on combined SSL public cert
81
-  file: name=/etc/letsencrypt/live/{{ domain }}/fullchain.pem mode=644
81
+  file: name=/etc/letsencrypt/live/{{ domain }}/fullchain.pem mode=0644
82 82
   notify: restart apache
83 83
   when: ansible_ssh_user == "vagrant"
84 84
 

+ 1
- 1
roles/common/tasks/main.yml View File

@@ -57,7 +57,7 @@
57 57
   file: state=directory path=/decrypted
58 58
 
59 59
 - name: Set decrypted directory permissions
60
-  file: state=directory path=/decrypted group=mail mode=775
60
+  file: state=directory path=/decrypted group=mail mode=0775
61 61
 
62 62
 - include: encfs.yml tags=encfs
63 63
 - include: users.yml tags=users

+ 1
- 1
roles/ircbouncer/tasks/znc.yml View File

@@ -40,7 +40,7 @@
40 40
     mode: 0755
41 41
 
42 42
 - name: Ensure znc user and group can read cert
43
-  file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=640
43
+  file: path=/usr/lib/znc/znc.pem group=znc owner=znc mode=0640
44 44
   notify: restart znc
45 45
 
46 46
 - name: Check for existing config file

+ 2
- 2
roles/mailserver/tasks/dovecot.yml View File

@@ -22,7 +22,7 @@
22 22
   user: name=vmail group=vmail state=present uid=5000 home=/decrypted shell=/usr/sbin/nologin
23 23
 
24 24
 - name: Ensure mail domain directories are in place
25
-  file: state=directory path=/decrypted/{{ item.name }} owner=vmail group=dovecot mode=770
25
+  file: state=directory path=/decrypted/{{ item.name }} owner=vmail group=dovecot mode=0770
26 26
   with_items: mail_virtual_domains
27 27
 
28 28
 - name: Ensure mail directories are in place
@@ -55,7 +55,7 @@
55 55
 
56 56
 - name: Ensure correct permissions on Dovecot config directory
57 57
   file: state=directory path=/etc/dovecot
58
-          group=dovecot owner=vmail mode=770 recurse=yes
58
+          group=dovecot owner=vmail mode=0770 recurse=yes
59 59
   notify: restart dovecot
60 60
 
61 61
 - name: Set firewall rules for dovecot

+ 1
- 1
roles/mailserver/tasks/opendkim.yml View File

@@ -38,7 +38,7 @@
38 38
 
39 39
 - name: Set OpenDKIM config directory permissions
40 40
   file: state=directory path=/etc/opendkim
41
-          group=opendkim owner=opendkim mode=700 recurse=yes
41
+          group=opendkim owner=opendkim mode=0700 recurse=yes
42 42
   notify:
43 43
     - restart opendkim
44 44
     - restart postfix

+ 1
- 1
roles/mailserver/tasks/z-push.yml View File

@@ -32,7 +32,7 @@
32 32
     - skip_ansible_lint
33 33
 
34 34
 - name: Ensure z-push state and log directories are in place
35
-  file: state=directory path={{ item }} owner=www-data group=www-data mode=755
35
+  file: state=directory path={{ item }} owner=www-data group=www-data mode=0755
36 36
   with_items:
37 37
     - /decrypted/zpush-state
38 38
     - /var/log/z-push

+ 3
- 3
roles/vpn/tasks/openvpn.yml View File

@@ -35,7 +35,7 @@
35 35
         state=directory
36 36
         owner=root
37 37
         group=root
38
-        mode=600
38
+        mode=0600
39 39
 
40 40
 - name: Generate CA certificate
41 41
   command: openssl req -nodes -batch -new -x509 -key {{ openvpn_ca }}.key -out {{ openvpn_ca }}.crt -days {{ openvpn_days_valid }} -subj "{{ openssl_request_subject }}/CN=ca-certificate"
@@ -120,10 +120,10 @@
120 120
            creates={{ openvpn_dhparam }}
121 121
 
122 122
 - name: Add empty rc.local if it doesn't exist
123
-  copy: src=rc.local dest=/etc/rc.local mode=700 owner=root group=root force=no
123
+  copy: src=rc.local dest=/etc/rc.local mode=0700 owner=root group=root force=no
124 124
 
125 125
 - name: custom rc.local file with iptables rules
126
-  template: src=rc.local_ansible_openvpn dest=/etc/rc.local_ansible_openvpn mode=700 owner=root group=root
126
+  template: src=rc.local_ansible_openvpn dest=/etc/rc.local_ansible_openvpn mode=0700 owner=root group=root
127 127
 
128 128
 - name: Ensure custom rc.local file is included in rc.local
129 129
   lineinfile: dest=/etc/rc.local line='bash /etc/rc.local_ansible_openvpn' insertbefore='exit 0'

Loading…
Cancel
Save