Adjust AgentDVR directory permissions. Add setgid; punt group write.

author Matt Birkholz <matt@birchwood-abbey.net>

Wed, 18 Sep 2024 19:22:20 +0000 (13:22 -0600)

committer Matt Birkholz <matt@birchwood-abbey.net>

Wed, 18 Sep 2024 19:22:20 +0000 (13:22 -0600)
author Matt Birkholz <matt@birchwood-abbey.net>
Wed, 18 Sep 2024 19:22:20 +0000 (13:22 -0600)
committer Matt Birkholz <matt@birchwood-abbey.net>
Wed, 18 Sep 2024 19:22:20 +0000 (13:22 -0600)
diff --git a/README.org b/README.org

index 379797dcbc1e11818539d5a51c3d8fc78275d9d8..f582accfb0d266cd4c19d330d2afcc664566e0f4 100644 (file)
--- a/README.org
+++ b/README.org
@@ -1870,7 +1870,7 @@ AgentDVR runs as the system user ~agentdvr~, which is created here.
      state: directory
      owner: agentdvr
      group: agentdvr
-    mode: u=rwx,g=rwx,o=rx
+    mode: u=rwx,g=rwxs,o=rx
  #+END_SRC
  
  ** Authorize User ~agentdvr~
@@ -1883,7 +1883,7 @@ case, the installer will run the program in the terminal.
  #+CAPTION: [[file:roles_t/abbey-dvr/tasks/main.yml][=roles_t/abbey-dvr/tasks/main.yml=]]
  #+BEGIN_SRC conf :tangle roles_t/abbey-dvr/tasks/main.yml
  
-- name: Authorized agentdvr.
+- name: Authorize agentdvr.
    copy:
      content: |
        ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
@@ -1977,7 +1977,7 @@ location do not fail.
      path: /DVR/AgentDVR
      owner: agentdvr
      group: agentdvr
-    mode: u=rwx,g=rwx,o=
+    mode: u=rwx,g=rxs,o=
  
  - name: Create /DVR/AgentDVR/video/.
    become: yes
@@ -1986,7 +1986,7 @@ location do not fail.
      path: /DVR/AgentDVR/video
      owner: agentdvr
      group: agentdvr
-    mode: u=rwx,g=rx,o=
+    mode: u=rwx,g=rxs,o=
  #+END_SRC
  
  ** Configure IP Cameras
diff --git a/roles_t/abbey-dvr/tasks/main.yml b/roles_t/abbey-dvr/tasks/main.yml

index 17b0824834d5c4c7aa9ea5bbb7384b9d911831be..e57d335598f81d62124dc60c47265d8d8c1bd1b3 100644 (file)
--- a/roles_t/abbey-dvr/tasks/main.yml
+++ b/roles_t/abbey-dvr/tasks/main.yml
@@ -23,9 +23,9 @@
      state: directory
      owner: agentdvr
      group: agentdvr
-    mode: u=rwx,g=rwx,o=rx
+    mode: u=rwx,g=rwxs,o=rx
  
-- name: Authorized agentdvr.
+- name: Authorize agentdvr.
    copy:
      content: |
        ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
@@ -84,7 +84,7 @@
      path: /DVR/AgentDVR
      owner: agentdvr
      group: agentdvr
-    mode: u=rwx,g=rwx,o=
+    mode: u=rwx,g=rxs,o=
  
  - name: Create /DVR/AgentDVR/video/.
    become: yes
@@ -93,4 +93,4 @@
      path: /DVR/AgentDVR/video
      owner: agentdvr
      group: agentdvr
-    mode: u=rwx,g=rx,o=
+    mode: u=rwx,g=rxs,o=
author	Matt Birkholz <matt@birchwood-abbey.net>
	Wed, 18 Sep 2024 19:22:20 +0000 (13:22 -0600)
committer	Matt Birkholz <matt@birchwood-abbey.net>
	Wed, 18 Sep 2024 19:22:20 +0000 (13:22 -0600)
README.org		patch \| blob \| history
roles_t/abbey-dvr/tasks/main.yml		patch \| blob \| history