From 8e86429ea4c579fcc9eddc49b6961e2f7f4200a9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?J=C3=A9r=C3=A9my=20Lecour?=
Date: Sat, 7 Oct 2017 21:43:05 +0200
Subject: [PATCH] proftpd: enforce permissions on password file
---
 proftpd/tasks/main.yml | 15 ++++++++++++++-
 1 file changed, 14 insertions(+), 1 deletion(-)
diff --git a/proftpd/tasks/main.yml b/proftpd/tasks/main.yml
index 76056e15..4e6a6884 100644
--- a/proftpd/tasks/main.yml
+++ b/proftpd/tasks/main.yml
@@ -38,6 +38,19 @@
 src: vpasswd
 dest: /etc/proftpd/vpasswd
 force: no
- mode: "0440"
+ notify: restart proftpd
+ tags:
+ - proftpd
+
+# Why 440? Because should be edited with ftpasswd.
+# So, readonly when opened with vim.
+# Then readable by group.
+- name: Enforce permissions on password file
+ file:
+ path: /etc/proftpd/vpasswd
+ mode: "0440"
+ owner: root
+ group: root
+ notify: restart proftpd
 tags:
 - proftpd
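Review bot: Dropping `mode: "0440"` from the copy task means a freshly created /etc/proftpd/vpasswd is written with the default, umask-dependent mode and only tightened by the following task; if the play stops between the two tasks, the password file stays readable more widely than intended. Keeping `mode: "0440"` (plus `owner: root` and `group: root`) on the copy task as well closes that window, and the new `file` task still covers hosts where the file already exists and `force: no` presumably skips the copy. The added comment says the file is "readable by group", but with `group: root` the group bit grants nothing beyond root, so the comment could state which account is expected to read it. The copy task begins above the hunk, so its remaining parameters are not visible here.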