proftpd: enforce permissions on password file

2017-10-07 21:43:05 +02:00 · 2017-10-07 21:43:05 +02:00 · 8e86429ea4
parent 3e12be6a0c
commit 8e86429ea4
1 changed files with 14 additions and 1 deletions
--- a/proftpd/tasks/main.yml
+++ b/proftpd/tasks/main.yml
@ -38,6 +38,19 @@
    src: vpasswd
    dest: /etc/proftpd/vpasswd
    force: no
-    mode: "0440"
+  notify: restart proftpd
+  tags:
+  - proftpd
+
+# Why 440? Because should be edited with ftpasswd.
+# So, readonly when opened with vim.
+# Then readable by group.
+- name: Enforce permissions on password file
+  file:
+    path: /etc/proftpd/vpasswd
+    mode: "0440"
+    owner: root
+    group: root
+  notify: restart proftpd
  tags:
  - proftpd