thecodeteam / ansible-role-rexray

Ansible Galaxy role for installing REX-Ray
Apache License 2.0

File right too permissive #3

Open allamand opened 8 years ago

allamand commented 8 years ago

The file created on nodes, /etc/rexray/config.yml, contains sensitive data (cloud credentials).

Is it possible to have it created with less read permissions? Actually I have:

```
-rwxr-xr-x 1 root root 594 Jun  9 08:03 /etc/rexray/config.yml*
```
codenrhoden commented 8 years ago

@sebmoule the ownership and file perms are controlled here: https://github.com/emccode/ansible-role-rexray/blob/master/tasks/config.yml#L7

I could change it to 0600 (no need for +x, either). That would make it only readable to whatever user the playbook is running as (likely root).

I think there are scenarios where non-root users would like to use rex-ray right now, though, so I'm not sure if an across the board change for this is the right thing. You absolutely should change it to fit your use-case.

I wonder if it would be better to make the perms 0660, and then allow variables to be set for owning user and group, which would default to root. That way someone could change the group to rexray-users or something similar.

Thoughts?
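The 0660-with-configurable-owner idea from the comment above, sketched as Ansible tasks with a read-back check. This is an added example, not the role's actual `tasks/config.yml`; the variable names `rexray_config_owner`, `rexray_config_group` and `rexray_config_mode` and the template name `config.yml.j2` are assumptions.

```yaml
# Hypothetical variables; each falls back to the restrictive default
# (root:root, 0660) when the playbook does not set it.
- name: Ensure the REX-Ray config directory is closed to other users
  ansible.builtin.file:
    path: /etc/rexray
    state: directory
    owner: "{{ rexray_config_owner | default('root') }}"
    group: "{{ rexray_config_group | default('root') }}"
    mode: "0750"   # group needs x on the directory to reach the file

- name: Write the REX-Ray config without world read or any execute bit
  ansible.builtin.template:
    src: config.yml.j2   # assumed template name
    dest: /etc/rexray/config.yml
    owner: "{{ rexray_config_owner | default('root') }}"
    group: "{{ rexray_config_group | default('root') }}"
    # Quote the mode: an unquoted number can be parsed as decimal
    # and yield unexpected permissions.
    mode: "{{ rexray_config_mode | default('0660') }}"
  no_log: true   # keep rendered credentials out of task output and diffs

- name: Read back the permissions actually present on the node
  ansible.builtin.stat:
    path: /etc/rexray/config.yml
  register: rexray_cfg

- name: Fail if the credentials file is still exposed
  ansible.builtin.assert:
    that:
      - not rexray_cfg.stat.roth   # no read for others
      - not rexray_cfg.stat.woth   # no write for others
      - not rexray_cfg.stat.xoth   # no execute for others
      - not rexray_cfg.stat.xusr   # the config file is not a program
    fail_msg: >-
      /etc/rexray/config.yml has mode {{ rexray_cfg.stat.mode }};
      expected no access for others and no execute bit.
```

Setting `rexray_config_group` to a dedicated group such as the `rexray-users` suggested above lets non-root members read the file while everyone else stays locked out.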

allamand commented 8 years ago

What bothers me here, though it is not related to the playbook nor REX-Ray I guess, is that we need the user password to call the OpenStack API.

Is there no other possibility than to copy those private credentials on each node?