always use 0770 for the certs folder

2020-05-23 13:20:19 +02:00 · 2020-05-23 13:20:19 +02:00 · d9f7e79b7d
commit d9f7e79b7d
parent 57c2a9bb76
3 changed files with 8 additions and 4 deletions
--- a/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
+++ b/roles/elastic-stack/ansible-elasticsearch/tasks/xpack_security.yml
@ -184,7 +184,7 @@
    path: "{{ node_certs_destination }}/"
    owner: root
    group: elasticsearch
-    mode: 0774
+    mode: 0770
    state: directory
    recurse: no
  when:
--- a/roles/elastic-stack/ansible-kibana/tasks/main.yml
+++ b/roles/elastic-stack/ansible-kibana/tasks/main.yml
@ -56,13 +56,14 @@
    - not generate_CA
  tags: xpack-security

- name: Ensuring certificates folder owner
+- name: Ensuring certificates folder owner and permissions
  file:
    path: "{{ node_certs_destination }}/"
    state: directory
    recurse: no
    owner: kibana
    group: kibana
+    mode: 0770
  when:
    - kibana_xpack_security
  tags: xpack-security
@ -70,7 +71,6 @@
 - name: Ensuring certificates folder owner
  file:
    path: "{{ node_certs_destination }}/"
-    mode: 0770
    recurse: no
  when:
    - kibana_xpack_security
--- a/roles/wazuh/ansible-filebeat/tasks/main.yml
+++ b/roles/wazuh/ansible-filebeat/tasks/main.yml
@ -30,6 +30,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
+    owner: root
+    group: root
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@ -44,6 +46,8 @@
  copy:
    src: "{{ item }}"
    dest: "{{ node_certs_destination }}/"
+    owner: root
+    group: root
    mode: 0440
  with_items:
    - "{{ master_certs_path }}/{{ filebeat_node_name }}/{{ filebeat_node_name }}.key"
@ -57,7 +61,7 @@
 - name: Ensuring folder & certs permissions
  file:
    path: "{{ node_certs_destination }}/"
-    mode: 0774
+    mode: 0770
    state: directory
    recurse: no
  when: