From 83abefea0df2cb57ef3fd4a9cdeeabd159bb2094 Mon Sep 17 00:00:00 2001
From: A Holt <holta@users.noreply.github.com>
Date: Sat, 10 Oct 2020 20:39:50 -0400
Subject: [PATCH] /etc/sudoers.d/* files should have permission 0440

@tim-moody: if possible make this same change for roles/js-menu/templates/021_apache_set_time.j2
---
 roles/www_options/tasks/main.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/roles/www_options/tasks/main.yml b/roles/www_options/tasks/main.yml
index b33b5c92b..70df9f95c 100644
--- a/roles/www_options/tasks/main.yml
+++ b/roles/www_options/tasks/main.yml
@@ -86,7 +86,7 @@
   template:
     src: 020_apache_poweroff.j2
     dest: /etc/sudoers.d/020_apache_poweroff
-    mode: '0755'
+    mode: '0440'
   when: apache_allow_sudo | bool
 
 - name: Remove {{ apache_user }} (per variable apache_user) permission to poweroff, removing /etc/sudoers.d/020_apache_poweroff