From: Grant Slater <github@firefishy.com>
Date: Tue, 20 Dec 2022 18:34:25 +0000 (+0000)
Subject: community: container definitions should not be world readable
X-Git-Url: https://git.openstreetmap.org./chef.git/commitdiff_plain/d293fc15606614a6476d5aa03b81ef820b6c9674?ds=sidebyside

community: container definitions should not be world readable
---

diff --git a/cookbooks/community/recipes/default.rb b/cookbooks/community/recipes/default.rb
index f3888c61a..08f316d68 100644
--- a/cookbooks/community/recipes/default.rb
+++ b/cookbooks/community/recipes/default.rb
@@ -58,7 +58,7 @@ template "/srv/community.openstreetmap.org/docker/containers/data.yml" do
   source "data.yml.erb"
   owner "root"
   group "root"
-  mode "644"
+  mode "640"
   variables :passwords => passwords
   notifies :run, "execute[discourse_container_data_rebuild]"
 end
@@ -67,7 +67,7 @@ template "/srv/community.openstreetmap.org/docker/containers/web_only.yml" do
   source "web_only.yml.erb"
   owner "root"
   group "root"
-  mode "644"
+  mode "640"
   variables :license_keys => license_keys, :passwords => passwords
   notifies :run, "execute[discourse_container_web_only_bootstrap]"
 end
@@ -76,7 +76,7 @@ template "/srv/community.openstreetmap.org/docker/containers/mail-receiver.yml"
   source "mail-receiver.yml.erb"
   owner "root"
   group "root"
-  mode "644"
+  mode "640"
   variables :passwords => passwords
   notifies :run, "execute[discourse_container_mail_receiver_rebuild]"
 end