aboutsummaryrefslogtreecommitdiffstats
diff options
context:
space:
mode:
authorGravatar Joe Banks <[email protected]>2024-08-26 16:30:15 +0100
committerGravatar Johannes Christ <[email protected]>2024-08-26 19:22:41 +0200
commitf9dc9e4998573fd78ea36f8a47f8ad5ae05a2ab7 (patch)
tree66566bcf53634062e8099b49db75c54f87923dfe
parentImprove formatting of git clone command for mirrors (diff)
Harden security permissions on git-mirrors owned files
-rw-r--r--ansible/roles/git-mirrors/tasks/main.yml8
1 files changed, 4 insertions, 4 deletions
diff --git a/ansible/roles/git-mirrors/tasks/main.yml b/ansible/roles/git-mirrors/tasks/main.yml
index 0c2f78b..0df9601 100644
--- a/ansible/roles/git-mirrors/tasks/main.yml
+++ b/ansible/roles/git-mirrors/tasks/main.yml
@@ -72,7 +72,7 @@
dest: "{{ git_mirrors_base_dir }}/mirrored/{{ item.owner }}/{{ item.repo }}/description"
owner: "{{ git_mirrors_user }}"
group: "{{ git_mirrors_user }}"
- mode: "0644"
+ mode: "0444"
with_items:
- "{{ git_mirrors_mirrored_repositories }}"
tags:
@@ -82,7 +82,7 @@
template:
src: cgitrc.j2
dest: /etc/cgitrc
- mode: "0644"
+ mode: "0444"
owner: root
group: root
tags:
@@ -107,7 +107,7 @@
template:
src: nginx-site.conf.j2
dest: /etc/nginx/sites-available/cgit.conf
- mode: "0644"
+ mode: "0444"
owner: root
group: root
tags:
@@ -129,7 +129,7 @@
template:
src: update-mirrors.sh.j2
dest: "{{ git_mirrors_base_dir }}/update-mirrors.sh"
- mode: "0744"
+ mode: "0544"
owner: "{{ git_mirrors_user }}"
group: "{{ git_mirrors_user }}"
tags: