diff options
| author |  Joe Banks <[email protected]> | 2024-08-26 16:30:15 +0100 |
|---|---|---|
| committer |  Johannes Christ <[email protected]> | 2024-08-26 19:22:41 +0200 |
| commit | f9dc9e4998573fd78ea36f8a47f8ad5ae05a2ab7 (patch) | |
| tree | 66566bcf53634062e8099b49db75c54f87923dfe | |
| parent | Improve formatting of git clone command for mirrors (diff) | |
Harden security permissions on git-mirrors owned files
| -rw-r--r-- | ansible/roles/git-mirrors/tasks/main.yml | 8 |
1 files changed, 4 insertions, 4 deletions
diff --git a/ansible/roles/git-mirrors/tasks/main.yml b/ansible/roles/git-mirrors/tasks/main.yml index 0c2f78b..0df9601 100644 --- a/ansible/roles/git-mirrors/tasks/main.yml +++ b/ansible/roles/git-mirrors/tasks/main.yml @@ -72,7 +72,7 @@ dest: "{{ git_mirrors_base_dir }}/mirrored/{{ item.owner }}/{{ item.repo }}/description" owner: "{{ git_mirrors_user }}" group: "{{ git_mirrors_user }}" - mode: "0644" + mode: "0444" with_items: - "{{ git_mirrors_mirrored_repositories }}" tags: @@ -82,7 +82,7 @@ template: src: cgitrc.j2 dest: /etc/cgitrc - mode: "0644" + mode: "0444" owner: root group: root tags: @@ -107,7 +107,7 @@ template: src: nginx-site.conf.j2 dest: /etc/nginx/sites-available/cgit.conf - mode: "0644" + mode: "0444" owner: root group: root tags: @@ -129,7 +129,7 @@ template: src: update-mirrors.sh.j2 dest: "{{ git_mirrors_base_dir }}/update-mirrors.sh" - mode: "0744" + mode: "0544" owner: "{{ git_mirrors_user }}" group: "{{ git_mirrors_user }}" tags: |