From 3c65bce95e7f66ddf61033a9bddabae5cdd80cb9 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Tue, 22 Nov 2016 17:01:29 +0100
Subject: [PATCH] Nginx: file permissions

---
 nginx/tasks/main.yml | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

diff --git a/nginx/tasks/main.yml b/nginx/tasks/main.yml
index e57ab36b..f0e9e5c8 100644
--- a/nginx/tasks/main.yml
+++ b/nginx/tasks/main.yml
@@ -17,12 +17,18 @@
   tags:
     - nginx
 
+# TODO: verify that those permisisons are correct :
+# not too strict for private_ipaddr_whitelist
+# and not too loose for private_htpasswd
+
 - name: Copy snippets
   copy:
     src: nginx/snippets/
     dest: /etc/nginx/snippets/
-    directory_mode: 0644
-    mode: 0644
+    owner: www-data
+    group: www-data
+    directory_mode: 0640
+    mode: 0640
     # force: yes
   notify: reload nginx
   tags: