Make injected CA file readable by others

Currently the permissions for the CA file that is injected (if the environment is set), doesn't permit users that don't belong to the group that owns the file to read it. This is too restrictive and isn't necessary, as the certificate should be public. This is useful in the case where we want a service that can't read the certificate chain (or bundle) to be able to read that CA certificate. This is the case for the MariaDB version that is being used in CentOS 7.1 for example. Change-Id: I6ff59326a5570670c031b448fb0ffd8dfbd8b025
author: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2016-02-17 15:48:36 +0200
committer: Juan Antonio Osorio Robles <jaosorior@redhat.com> 2016-02-17 15:51:52 +0200
commit: b6ee4bf4a55ab9cc1dbfd85c5dd6338fef3944ce (patch)
tree: 1dcb9e0a29028f91688f7d42e62043bcee0b95ad /puppet/extraconfig/tls
parent: 509c3be9efd0791a2ef7dd13c011b137b1b441e3 (diff)
1 files changed, 1 insertions, 1 deletions
diff --git a/puppet/extraconfig/tls/ca-inject.yaml b/puppet/extraconfig/tls/ca-inject.yaml
index 5a36e951..aab42849 100644
--- a/puppet/extraconfig/tls/ca-inject.yaml
+++ b/puppet/extraconfig/tls/ca-inject.yaml
@@ -45,7 +45,7 @@ resources:
         cat > ${cacert_path} << EOF
         ${cacert_content}
         EOF
-        chmod 0440 ${cacert_path}
+        chmod 0444 ${cacert_path}
         chown root:root ${cacert_path}
         ${update_anchor_command}
         md5sum ${cacert_path} > ${heat_outputs_path}.root_cert_md5sum
author	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2016-02-17 15:48:36 +0200
committer	Juan Antonio Osorio Robles <jaosorior@redhat.com>	2016-02-17 15:51:52 +0200
commit	b6ee4bf4a55ab9cc1dbfd85c5dd6338fef3944ce (patch)
tree	1dcb9e0a29028f91688f7d42e62043bcee0b95ad /puppet/extraconfig/tls
parent	509c3be9efd0791a2ef7dd13c011b137b1b441e3 (diff)