restrict permissions on mounts

2023-02-04 23:34:41 +00:00
parent a44b410265
commit 977a12730f
4 changed files with 10 additions and 8 deletions
--- a/roles/nextcloud/tasks/rclone.yml
+++ b/roles/nextcloud/tasks/rclone.yml
@@ -1,10 +1,10 @@
 ---
 # ensure rclone.conf is present (meta role dependencies)

- name: Create rclone mount dir
+- name: Create Rclone mount directory
  file:
    path: "{{ nextcloud_rclone_mount_dir }}"
-    mode: 0755
+    mode: 0770
    state: directory

 # Touch rclone log file to set permissions
@@ -12,7 +12,7 @@
  file:
    path: "{{ rclone_log_dir }}/mount_nextcloud.log"
    state: touch
-    mode: 0644
+    mode: 0640
    access_time: preserve
    modification_time: preserve

@@ -20,7 +20,7 @@
  template:
    src: rclone_mount_nextcloud.service.j2
    dest: /etc/systemd/system/rclone_mount_nextcloud.service
-    mode: 0644
+    mode: 0640
  notify: restart rclone_mount_nextcloud

 - name: "Add {{ webserver_user }} user to rclone group"