From 83abefea0df2cb57ef3fd4a9cdeeabd159bb2094 Mon Sep 17 00:00:00 2001 From: A Holt Date: Sat, 10 Oct 2020 20:39:50 -0400 Subject: [PATCH] /etc/sudoers.d/* files should have permission 0440 @tim-moody: if possible make this same change for roles/js-menu/templates/021_apache_set_time.j2 --- roles/www_options/tasks/main.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml index b33b5c92b..70df9f95c 100644 --- a/roles/www_options/tasks/main.yml +++ b/roles/www_options/tasks/main.yml @@ -86,7 +86,7 @@ template: src: 020_apache_poweroff.j2 dest: /etc/sudoers.d/020_apache_poweroff - mode: '0755' + mode: '0440' when: apache_allow_sudo | bool - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff