authorGravatar Johannes Christ <[email protected]>2024-09-01 16:05:23 +0200
committerGravatar Johannes Christ <[email protected]>2024-09-01 16:26:49 +0200
commiteb2c9a45af5c9c100520cdfff6d9e15dbe39500d (patch)
treef61106921b07e56515ae7b103a677f771ee2bdb1
parentSwap saslauthd to mount outside of postfix (diff)
Override runtime directory permissions
-rw-r--r--ansible/roles/sasl/tasks/main.yml23
1 files changed, 23 insertions, 0 deletions
diff --git a/ansible/roles/sasl/tasks/main.yml b/ansible/roles/sasl/tasks/main.yml
index 7f72260..6e7fb86 100644
--- a/ansible/roles/sasl/tasks/main.yml
+++ b/ansible/roles/sasl/tasks/main.yml
@@ -61,6 +61,29 @@
notify:
- Restart SASL
+# The sysvinit script checks for a dpkg-statoverride when first starting. If
+# one exists, it uses it, if none exists, ti creates the directory with
+# ownership u=root g=sasl m=710. With these two tasks, we check whether there's
+# a default override already specified (presumably from package installation)
+# and only set it if it's distinct, ensuring idempotency.
+- name: Check current overrides for runtime directory
+ command: dpkg-statoverride --list "{{ sasl_mux_path }}"
+ changed_when: false
+ register: sasl_statoverride_list
+ tags:
+ - role::sasl
+
+- name: Ask dpkg to create runtime directory as sasl user # noqa: no-changed-when
+ command: "dpkg-statoverride --update --force-statoverride-add --add {{ statoverride_line }}"
+ tags:
+ - role::sasl
+ when:
+ # Only if necessary.
+ - sasl_statoverride_list.stdout_lines
+ - sasl_statoverride_list.stdout_lines[0] != statoverride_line
+ vars:
+ statoverride_line: "sasl sasl 710 {{ sasl_mux_path }}"
+
- name: Copy SASL LDAP configuration
template:
src: saslauthd.conf.j2
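Review bot: The "Check current overrides for runtime directory" task has no `failed_when`, and `dpkg-statoverride --list` exits with status 1 when no override matches the path, so on a host without an existing override the play would stop here instead of reaching the follow-up task. Adding `failed_when: sasl_statoverride_list.rc not in [0, 1]` tolerates the empty case while keeping real errors (status 2) fatal. Separately, the first `when` entry skips the add task when the list is empty, which by the comment's own description leaves the init script to create the directory as root:sasl; if sasl:sasl is wanted in that case too, the single condition `sasl_statoverride_list.stdout_lines | first | default('') != statoverride_line` would cover both. Since this directory presumably holds the saslauthd socket, its owner and mode decide which local accounts can reach the authentication daemon, so the comment block could also say why owner `sasl` rather than `root` is required.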