From 8a2fc9d5c9941ea3f7e125e78fe9065540d6c1a4 Mon Sep 17 00:00:00 2001
From: Chris Croome <chris@webarchitects.co.uk>
Date: Sat, 12 Mar 2022 17:06:38 +0000
Subject: [PATCH] chmod suEXEC config dir

---
 tasks/suexec.yml | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/tasks/suexec.yml b/tasks/suexec.yml
index 2674ba4..128b074 100644
--- a/tasks/suexec.yml
+++ b/tasks/suexec.yml
@@ -2,12 +2,18 @@
 - name: Install and configure Apache suEXEC
   block:
 
-    - name: suEXEC present
+    - name: Apache suEXEC package present
       apt:
         pkg:
           - apache2-suexec-custom
         state: present
 
+    - name: Apache suEXEC config directory only readable by root
+      file:
+        path: /etc/apache2/suexec
+        state: directory
+        mode: 0700
+
   tags:
     - apache
 ...
-- 
GitLab