[openstack-dev] [openstack-ansible] restrictive umask / file permissions in target hosts
Major Hayden
major at mhtx.net
Tue Jul 25 14:20:56 UTC 2017
On 07/25/2017 08:36 AM, Markus Zoeller wrote:
> A short grep in 'openstack-ansible' shows that the file permissions are
> often not set. I used these commands:
>
> $ grep -n -R "template:" --include \*.yml -A 5
> $ grep -n -R "copy:" --include \*.yml -A 5
>
> IIUC, we're using 'ansible-lint' for style checks. Does it make sense to
> add a new rule which warns/enforces to set the mode (or group/user)?
I'd definitely be in support of that. We should be as explicit as possible when we deploy files and templates.
--
Major Hayden
More information about the OpenStack-dev
mailing list