Add fix permissions on authorized key files

2020-03-21 13:10:08 -04:00 · 2020-03-21 13:10:08 -04:00 · cadb79cd26
parent 58431d1d78
commit cadb79cd26
1 changed files with 11 additions and 1 deletions
--- a/tasks/deploy-ssh-keys.yml
+++ b/tasks/deploy-ssh-keys.yml
@ -6,7 +6,7 @@
    state: directory
    owner: "{{ item.name }}"
    group: "{{ item.name }}"
-    mode: 0644
+    mode: 0755
  loop: "{{ _users_local }}"

 - name: Update authorized keys
@ -17,3 +17,13 @@
    state: present
    exclusive: true
  loop: "{{ _users_local }}"
+
+- name: Enforce ownership of authorized keys
+  become: true
+  file:
+    path: /home/{{ item.name }}/.ssh/authorized_keys
+    state: touch
+    owner: "{{ item.name }}"
+    group: "{{ item.name }}"
+    mode: 0444
+  loop: "{{ _users_local }}"