From 0723c9ad8b28d8eff9ee65afac5acf8a8299e8bf Mon Sep 17 00:00:00 2001
From: Silvio Rhatto <rhatto@riseup.net>
Date: Sat, 9 Jun 2018 16:06:59 -0300
Subject: Specify folder permissions

---
 manifests/init.pp | 11 ++++++++++-
 1 file changed, 10 insertions(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 8b5ece8..6c3a4c8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -3,13 +3,22 @@ class ssl {
     ensure => present,
   }
 
-  file { [ "/etc/ssl", "/etc/ssl/certs", "/etc/ssl/private", "/etc/ssl/dhparams" ]:
+  file { [ "/etc/ssl", "/etc/ssl/certs" ]:
     ensure  => directory,
     owner   => "root",
     group   => "ssl-cert",
+    mode    => '0755',
     require => Group['ssl-cert'],
   }
 
+  file { [ "/etc/ssl/private", "/etc/ssl/dhparams" ]:
+    ensure  => directory,
+    owner   => "root",
+    group   => "ssl-cert",
+    mode    => '0750',
+    require => [ File['/etc/ssl'], Group['ssl-cert'] ],
+  }
+
   file { "/usr/local/bin/ssl-cert-check":
     ensure => present,
     owner   => "root",
-- 
cgit v1.2.3