redhat-cop / aap_utilities

Ansible Collection for automated deployment of AAP and other objects for general use
https://galaxy.ansible.com/infra/aap_utilities
GNU General Public License v3.0
81 stars 50 forks source link

Make inventory file mode 600 #238

Closed dbk-rabel closed 5 months ago

dbk-rabel commented 5 months ago

The inventory file that aap_setup_prepare generates contains a lot of credentials, but has very unsafe permissions (664) at the moment.

This commit changes it to 600 permissions.

fixes #237

djdanielsson commented 5 months ago

I am trying to think of any scenario where this could break something

dbk-rabel commented 5 months ago

I am trying to think of any scenario where this could break something

Well, theoretically someone could try to start setup.sh with a different user. So in theory it could break something.

But I guess thats very uncommon. If people use aap_setup_prepare, they probably also use aap_setup_install and will therefore probably use the same ansible user.

djdanielsson commented 5 months ago

yea I had a similar thought... how about this change it to 640 and we go with that? that way if someone wants to use a different user to deploy or something they could just add them to the same group and it should just work

dbk-rabel commented 5 months ago

yea I had a similar thought... how about this change it to 640 and we go with that? that way if someone wants to use a different user to deploy or something they could just add them to the same group and it should just work

Yes, that should also be fine. :)