From 543b3f6d963b1b52a1704f0502c6d8b98da9f6e7 Mon Sep 17 00:00:00 2001
From: Max Mehl
Date: Sun, 16 Jul 2023 12:34:27 +0200
Subject: [PATCH] set 0700 home directory permissions by default

---
 defaults/main.yml | 2 ++
 tasks/main.yml | 8 +++++++-
 2 files changed, 9 insertions(+), 1 deletion(-)

diff --git a/defaults/main.yml b/defaults/main.yml
index 6ad6721..483a35c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -15,3 +15,5 @@ generate_ssh_key: true
 ssh_key_type: ed25519
 # Shell
 shell: /bin/bash
+# Home directory permissions
+homedir_permissions: "0700"
diff --git a/tasks/main.yml b/tasks/main.yml
index 73a06c8..9913ea7 100755
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -27,7 +27,7 @@
 # None of the special cases has been handled before
 - password_value is not defined
 block:
- - name: Create idempotent salt for {{ username }}'s password
+ - name: Create idempotent salt for password of {{ username }}
 set_fact:
 salt: "{{ ((username + inventory_hostname) | hash('sha512'))[:16] }}"

@@ -51,3 +51,9 @@
 # Groups
 groups: "{{ user_groups }}"
 append: "{{ groups_append }}"
+
+- name: Ensure correct directory settings for user {{ username }}
+ ansible.builtin.file:
+ path: "/home/{{ username }}"
+ state: directory
+ mode: "{{ homedir_permissions }}"
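Review bot: In defaults/main.yml the new `homedir_permissions` default has no hint that an override must stay a quoted string. The value is handed unchanged to `mode` in the new `ansible.builtin.file` task in tasks/main.yml, and a bare number such as `700` is read by the YAML parser as an integer before templating, so the directory may end up with a different mode than the one written. I would extend the comment to `# Home directory permissions (quoted octal string, e.g. "0750")`.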
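Review bot: In the last hunk of tasks/main.yml the new task hard-codes `path: "/home/{{ username }}"` and sets neither `owner` nor `group`. For an account whose home is elsewhere (root, a system user, a custom home) or whose home was never created, `state: directory` creates a new directory under /home owned by whoever runs the play, usually root, and with mode 0700 the user cannot enter it. The preceding task starts outside the hunk; if it is the `user` module, registering its result and using `path: "{{ user_result.home }}"` (placeholder variable name) together with `owner: "{{ username }}"` would keep the mode change on the real home directory. The task also has no `when:` condition, so it is worth checking that it does not recreate the directory on runs that remove the account.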