Use secure persmissions for barbican configuration

This contains credentials, it shouldn't be world readable, and certainly not writeable by the service user. Change-Id: I165acd8c7568a80f463b32c73dd47102e10fdd07
2019-06-28 14:09:49 +02:00 · 2019-06-28 14:09:49 +02:00 · d8eeb07880
commit d8eeb07880
parent 58f9a05123
1 changed files with 2 additions and 2 deletions
--- a/tasks/barbican_post_install.yml
+++ b/tasks/barbican_post_install.yml
@ -17,9 +17,9 @@
  config_template:
    src: "{{ item.source }}"
    dest: "{{ item.destination }}"
-    owner: "{{ barbican_system_user_name }}"
+    owner: "root"
    group: "{{ barbican_system_group_name }}"
-    mode: "0644"
+    mode: "0640"
    config_overrides: "{{ item.config_overrides }}"
    config_type: "{{ item.config_type }}"
  with_items: