From 4e6cbf514ddabd2fcd6adbed7fbeee2ffdc594a9 Mon Sep 17 00:00:00 2001
From: Jeremy Lecour <jlecour@evolix.fr>
Date: Thu, 25 Apr 2019 13:36:17 +0200
Subject: [PATCH] ssl: strengthen SSL private key permissions

---
 ssl/tasks/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/ssl/tasks/main.yml b/ssl/tasks/main.yml
index a739f449..c4f1bd10 100644
--- a/ssl/tasks/main.yml
+++ b/ssl/tasks/main.yml
@@ -12,7 +12,9 @@
   copy:
     src: "ssl/{{ ssl_cert }}.key"
     dest: "/etc/ssl/private/{{ ssl_cert }}.key"
-    mode: "0600"
+    mode: "0640"
+    owner: root
+    group: ssl-cert
   register: ssl_copy_key
   tags:
     - ssl