- Disable access to the deploy key for the owner, thus allow root to use the...

- Disable access to the deploy key for the owner, thus allow root to use the key for deployments as well.

- Disable access to the deploy key for the owner, thus allow root to use the...
a97c2df3 · nimrod · dd693d35 · a97c2df3 · a97c2df3
Commit a97c2df3 authored 8 years ago by nimrod
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -2,4 +2,3 @@
 # defaults file for deploy-key
 deploy_key_users:
    - nobody
-    - root
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -37,12 +37,17 @@
      name: git
      state: present

+- name: Get the nobody uid
+  command: id -u nobody
+  changed_when: False
+  register: deploy_key_nobody_uid
+
 - name: Copy the deployment key
  copy:
      content: '{{ deploy_key }}'
-      owner: root
+      owner: '{{ deploy_key_nobody_uid.stdout.strip()|int -1 }}'
      group: deploy
-      mode: 0o0440
+      mode: 0o0040
      dest: /etc/ssh/deploy.key

 - name: Configure SSH to use the deploy key