From 0c63117897236f6ee27b1474dae3a5397840e346 Mon Sep 17 00:00:00 2001
From: John Fulton <fulton@redhat.com>
Date: Tue, 3 May 2022 17:36:16 -0400
Subject: [PATCH] Files in /etc/sudoers.d/ should be owned by root

Set owner and group to root when calling Ansible copy
module to create /etc/sudoers.d/{{ tripleo_admin_user }}
in tripleo_create_admin role.

Change-Id: I9efc5c5fd53ac89710bb9c5f4721f6afb55d8e3c
Closes-Bug: #1971498
---
 .../roles/tripleo_create_admin/tasks/create_user.yml            | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml b/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml
index 9e7f4fbe6..ecc41c153 100644
--- a/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml
+++ b/tripleo_ansible/roles/tripleo_create_admin/tasks/create_user.yml
@@ -26,6 +26,8 @@
     content: |
       {{ tripleo_admin_user }} ALL=(ALL) NOPASSWD:ALL
     mode: 0440
+    owner: root
+    group: root
 
 # workaround for https://bugs.launchpad.net/tripleo/+bug/1917856
 - name: ensure home dir has the right owner/group for user {{ tripleo_admin_user }}