x509 puppet module creates files with wrong permissions

The directory /etc/x509/keys is created with 700 but should be 750 to allow the group to read private keys. The same applies to /etc/x509/keys/file.pem, which should be 640 and not 600.

diff --git a/manifests/base.pp b/manifests/base.pp index 59d9259..b88cce6 100644 --- a/manifests/base.pp +++ b/manifests/base.pp @@ -20,7 +20,7 @@ class x509::base {

 $x509::variables::keys:
   ensure  => directory,
  •  mode    => '0700',
  •  mode    => '0750',
     owner   => root,
     group   => ssl-cert;
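
Review bot: the new `mode => '0750'` on the keys directory gives every member of `ssl-cert` read as well as search permission, so group members can list all key file names rather than only open a key whose path they already know. If the consumers only open keys by a known path, `0710` would be enough on the directory; if listing is needed, please say why in the commit message or in a comment next to the mode.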

diff --git a/manifests/key.pp b/manifests/key.pp index 5060793..79031f5 100644 --- a/manifests/key.pp +++ b/manifests/key.pp @@ -7,7 +7,7 @@ define x509::key (

file { "{x509::variables::keys}/{name}.key": ensure => file,

  • mode => '0600',
  • mode => '0640', group => 'ssl-cert', require => Package['ssl-cert'] }
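
Review bot: with `mode => '0640'` and `group => 'ssl-cert'` on the `file` resource, every key created through `x509::key` becomes readable by the whole group, and the visible resource sets no `owner`. Consider setting `owner => root` explicitly and exposing the mode as a parameter of the define that defaults to `'0600'`, so that only keys a non-root service has to read are widened. The group is also quoted here but written as a bareword in base.pp; one style across both manifests would be easier to read.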

(from redmine: created on 2014-09-18, closed on 2015-07-07)