From 04cee2b4c3709cbe039ee2000cb5ed0ecc9cd581 Mon Sep 17 00:00:00 2001 From: Franziska Kunsmann Date: Sat, 7 Aug 2021 07:13:41 +0200 Subject: [PATCH] bundles/icinga2: fix file permissions --- bundles/icinga2/items.py | 34 +++++++++++++++++++++++++++++----- 1 file changed, 29 insertions(+), 5 deletions(-) diff --git a/bundles/icinga2/items.py b/bundles/icinga2/items.py index d5c889b..b2e88cc 100644 --- a/bundles/icinga2/items.py +++ b/bundles/icinga2/items.py @@ -38,7 +38,7 @@ directories = { '/etc/icinga2/features-enabled': { 'owner': 'nagios', 'group': 'nagios', - 'mode': '0555', + 'mode': '0750', 'purge': True, 'needs': { 'pkg_apt:icinga2-ido-pgsql', @@ -50,7 +50,7 @@ directories = { '/etc/icinga2/conf.d': { 'owner': 'nagios', 'group': 'nagios', - 'mode': '0555', + 'mode': '0750', 'purge': True, 'needs': { 'pkg_apt:icinga2', @@ -62,7 +62,7 @@ directories = { '/etc/icinga2/conf.d/services': { 'owner': 'nagios', 'group': 'nagios', - 'mode': '0555', + 'mode': '0750', 'purge': True, 'needs': { 'pkg_apt:icinga2', @@ -101,6 +101,8 @@ files = { # Icinga2 '/etc/icinga2/icinga2.conf': { 'source': 'icinga2/icinga2.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -116,6 +118,8 @@ files = { '/etc/icinga2/features-available/ido-pgsql.conf': { 'source': 'icinga2/ido-pgsql.conf', 'content_type': 'mako', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -126,6 +130,8 @@ files = { '/etc/icinga2/conf.d/api-users.conf': { 'source': 'icinga2/api-users.conf', 'content_type': 'mako', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -135,6 +141,8 @@ files = { }, '/etc/icinga2/conf.d/app.conf': { 'source': 'icinga2/app.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -144,6 +152,8 @@ files = { }, '/etc/icinga2/conf.d/check_commands.conf': { 'source': 'icinga2/check_commands.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -153,6 +163,8 @@ files = { }, '/etc/icinga2/conf.d/notification_commands.conf': { 'source': 'icinga2/notification_commands.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -162,6 +174,8 @@ files = { }, '/etc/icinga2/conf.d/notifications.conf': { 'source': 'icinga2/notifications.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -171,6 +185,8 @@ files = { }, '/etc/icinga2/conf.d/templates.conf': { 'source': 'icinga2/templates.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -180,6 +196,8 @@ files = { }, '/etc/icinga2/conf.d/timeperiods.conf': { 'source': 'icinga2/timeperiods.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -189,6 +207,8 @@ files = { }, '/etc/icinga2/conf.d/users.conf': { 'source': 'icinga2/users.conf', + 'owner': 'nagios', + 'group': 'nagios', 'content_type': 'mako', 'needs': { 'pkg_apt:icinga2', @@ -251,6 +271,8 @@ actions = { for feature in ENABLED_FEATURES: symlinks[f'/etc/icinga2/features-enabled/{feature}.conf'] = { 'target': f'/etc/icinga2/features-available/{feature}.conf', + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -324,7 +346,6 @@ for bundle, metadata in bundle_metadata.items(): }, 'owner': 'nagios', 'group': 'nagios', - 'mode': '0440', 'triggers': { 'svc_systemd:icinga2:restart', }, @@ -339,7 +360,6 @@ files['/etc/icinga2/conf.d/hosts.conf'] = { }, 'owner': 'nagios', 'group': 'nagios', - 'mode': '0440', 'triggers': { 'svc_systemd:icinga2:restart', }, @@ -350,6 +370,8 @@ files['/etc/icinga2/conf.d/groups.conf'] = { 'context': { 'bundles': bundle_metadata.keys(), }, + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', }, @@ -364,6 +386,8 @@ files['/etc/icinga2/conf.d/downtimes.conf'] = { 'monitored_nodes': monitored_nodes, 'days': DAYS_TO_STRING, }, + 'owner': 'nagios', + 'group': 'nagios', 'needs': { 'pkg_apt:icinga2', },