From 0cbdda840d2135af47a903a501b5f00cc61d29b6 Mon Sep 17 00:00:00 2001 From: Jeremy Lecour Date: Thu, 3 Feb 2022 14:18:20 +0100 Subject: [PATCH] Explicit permissions for systemd overrides --- CHANGELOG.md | 1 + munin/tasks/main.yml | 2 ++ postgresql/tasks/config.yml | 1 + squid/tasks/systemd.yml | 1 + 4 files changed, 5 insertions(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index a28e9801..1b88fd45 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -12,6 +12,7 @@ The **patch** part changes is incremented if multiple releases happen the same m ### Added +* Explicit permissions for systemd overrides * evolinux-base: option to bypass raid-related tasks * kvm-host: add missing default value diff --git a/munin/tasks/main.yml b/munin/tasks/main.yml index 81769488..d7cf8e2a 100644 --- a/munin/tasks/main.yml +++ b/munin/tasks/main.yml @@ -102,6 +102,8 @@ option: "ProtectHome" value: "false" state: present + create: yes + mode: "0644" notify: - systemd daemon-reload - restart munin-node diff --git a/postgresql/tasks/config.yml b/postgresql/tasks/config.yml index 83b10e25..f29026df 100644 --- a/postgresql/tasks/config.yml +++ b/postgresql/tasks/config.yml @@ -10,6 +10,7 @@ src: postgresql.service.override.conf dest: /etc/systemd/system/postgresql@.service.d/override.conf force: yes + mode: "0644" notify: - reload systemd - restart postgresql diff --git a/squid/tasks/systemd.yml b/squid/tasks/systemd.yml index ac9eb7e9..c84e52d6 100644 --- a/squid/tasks/systemd.yml +++ b/squid/tasks/systemd.yml @@ -19,6 +19,7 @@ template: src: systemd-override.conf.j2 dest: /etc/systemd/system/squid.service.d/override.conf + mode: "0644" force: yes register: _squid_systemd_override