From 19493cedefb81c3406d2bf4c24dad531df95ace5 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Thu, 4 May 2017 11:10:41 +0100
Subject: [PATCH] Tighten permissions on API file

---
 roles/api/tasks/main.yml | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/roles/api/tasks/main.yml b/roles/api/tasks/main.yml
index 26ade3d..10e0874 100644
--- a/roles/api/tasks/main.yml
+++ b/roles/api/tasks/main.yml
@@ -10,7 +10,9 @@
     template:
       src: templates/mail-receiver-environment.json.j2
       dest: /etc/exim4/mail-receiver-environment.json
-      mode: 0644
+      mode: 0640
+      group: Debian-exim
+      owner: root
 
   when: mail_receiver_environment.stat.exists == False
 
-- 
GitLab