[openstack-dev] [openstack-ansible] restrictive umask / file permissions in target hosts

Major Hayden major at mhtx.net
Tue Jul 25 14:20:56 UTC 2017

On 07/25/2017 08:36 AM, Markus Zoeller wrote:
> A short grep in 'openstack-ansible' shows that the file permissions are
> often not set. I used these commands:
> $ grep -n -R "template:" --include \*.yml -A 5
> $ grep -n -R "copy:" --include \*.yml -A 5
> IIUC, we're using 'ansible-lint' for style checks. Does it make sense to
> add a new rule which warns/enforces to set the mode (or group/user)?

I'd definitely be in support of that. We should be as explicit as possible when we deploy files and templates.

Major Hayden

More information about the OpenStack-dev mailing list