Commit b7064e28 authored by Bob Vincent's avatar Bob Vincent Committed by Raphaël Pinson
Browse files

Ensure that map files are not globally readable by default.

parent a8b52cf4
......@@ -28,6 +28,7 @@ define postfix::hash (
Enum['present', 'absent'] $ensure='present',
Variant[Array[String], String, Undef] $source=undef,
Variant[Array[String], String, Undef] $content=undef,
Variant[String[4,4], Undef] $mode='0640',
) {
include ::postfix::params
......@@ -47,6 +48,7 @@ define postfix::hash (
content => $content,
type => 'hash',
path => $name,
mode => $mode,
}
Class['postfix'] -> Postfix::Hash[$title]
......
......@@ -11,7 +11,8 @@
# [*source*] - file source.
# [*type*] - type of the postfix map (valid values are cidr, pcre, hash...)
# [*path*] - path of the created file. By default it is placed in the
# postfix directory
# postfix directory.
# [*mode*] - mode of the created file. By default it is '0640'.
#
# === Requires
#
......@@ -32,6 +33,7 @@ define postfix::map (
Variant[Array[String], String, Undef] $content = undef,
String $type = 'hash',
Stdlib::Absolutepath $path = "/etc/postfix/${name}",
String[4,4] $mode = '0640'
) {
include ::postfix::params
......@@ -61,7 +63,7 @@ define postfix::map (
content => $content,
owner => 'root',
group => 'postfix',
mode => '0644',
mode => $mode,
require => Package['postfix'],
notify => $manage_notify,
}
......@@ -72,7 +74,7 @@ define postfix::map (
path => "${path}.db",
owner => 'root',
group => 'postfix',
mode => '0644',
mode => $mode,
require => [File["postfix map ${name}"], Exec["generate ${name}.db"]],
}
}
......
Markdown is supported
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment