From cadb79cd269c61b90a9ee9c2b94615758b5fe825 Mon Sep 17 00:00:00 2001
From: Ethan Paul <24588726+enpaul@users.noreply.github.com>
Date: Sat, 21 Mar 2020 13:10:08 -0400
Subject: [PATCH] Add fix permissions on authorized key files
---
 tasks/deploy-ssh-keys.yml | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)
diff --git a/tasks/deploy-ssh-keys.yml b/tasks/deploy-ssh-keys.yml
index b1f23de..3b4b2b0 100644
--- a/tasks/deploy-ssh-keys.yml
+++ b/tasks/deploy-ssh-keys.yml
@@ -6,7 +6,7 @@
 state: directory
 owner: "{{ item.name }}"
 group: "{{ item.name }}"
- mode: 0644
+ mode: 0755
 loop: "{{ _users_local }}"
 - name: Update authorized keys
@@ -17,3 +17,13 @@
 state: present
 exclusive: true
 loop: "{{ _users_local }}"
+
+- name: Enforce ownership of authorized keys
+ become: true
+ file:
+ path: /home/{{ item.name }}/.ssh/authorized_keys
+ state: touch
+ owner: "{{ item.name }}"
+ group: "{{ item.name }}"
+ mode: 0444
+ loop: "{{ _users_local }}"
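Review bot: `mode: 0755` in the first hunk leaves the directory listable and traversable by every local account, which is wider than an SSH configuration directory needs. Assuming the path above the hunk is the user's `.ssh` directory, `mode: "0700"` is the conventional setting and still passes sshd's StrictModes check. Quoting the value also avoids depending on how the YAML parser treats a leading-zero number. The task's opening lines, including its `path`, sit outside the hunk, so the target should be confirmed there.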
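Review bot: `mode: 0444` on `authorized_keys` in the second hunk makes the file readable by every local account and read-only even for its owner; `mode: "0600"` is the usual setting and keeps the list of authorised keys private to the user. `state: touch` also rewrites the file's timestamps and reports a change on every run, so adding `modification_time: preserve` and `access_time: preserve` would keep the task idempotent. The path hard-codes `/home/`, which presumably holds for every entry in `_users_local`; that is worth confirming for accounts with a non-default home directory.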