From: Matt Birkholz
Date: Wed, 18 Sep 2024 19:22:20 +0000 (-0600)
Subject: Adjust AgentDVR directory permissions. Add setgid; punt group write.
X-Git-Url: https://birchwood-abbey.net/git?a=commitdiff_plain;h=7a2c381d53ae11d513987814501d91b264ff47ac;p=Network
Adjust AgentDVR directory permissions. Add setgid; punt group write.
---
diff --git a/README.org b/README.org
index 379797d..f582acc 100644
--- a/README.org
+++ b/README.org
@@ -1870,7 +1870,7 @@ AgentDVR runs as the system user ~agentdvr~, which is created here.
 state: directory
 owner: agentdvr
 group: agentdvr
- mode: u=rwx,g=rwx,o=rx
+ mode: u=rwx,g=rwxs,o=rx
 #+END_SRC
 ** Authorize User ~agentdvr~
@@ -1883,7 +1883,7 @@ case, the installer will run the program in the terminal.
 #+CAPTION: [[file:roles_t/abbey-dvr/tasks/main.yml][=roles_t/abbey-dvr/tasks/main.yml=]]
 #+BEGIN_SRC conf :tangle roles_t/abbey-dvr/tasks/main.yml
-- name: Authorized agentdvr.
+- name: Authorize agentdvr.
 copy:
 content: |
 ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
@@ -1977,7 +1977,7 @@ location do not fail.
 path: /DVR/AgentDVR
 owner: agentdvr
 group: agentdvr
- mode: u=rwx,g=rwx,o=
+ mode: u=rwx,g=rxs,o=
 - name: Create /DVR/AgentDVR/video/.
 become: yes
@@ -1986,7 +1986,7 @@ location do not fail.
 path: /DVR/AgentDVR/video
 owner: agentdvr
 group: agentdvr
- mode: u=rwx,g=rx,o=
+ mode: u=rwx,g=rxs,o=
 #+END_SRC
 ** Configure IP Cameras
diff --git a/roles_t/abbey-dvr/tasks/main.yml b/roles_t/abbey-dvr/tasks/main.yml
index 17b0824..e57d335 100644
--- a/roles_t/abbey-dvr/tasks/main.yml
+++ b/roles_t/abbey-dvr/tasks/main.yml
@@ -23,9 +23,9 @@
 state: directory
 owner: agentdvr
 group: agentdvr
- mode: u=rwx,g=rwx,o=rx
+ mode: u=rwx,g=rwxs,o=rx
-- name: Authorized agentdvr.
+- name: Authorize agentdvr.
 copy:
 content: |
 ALL ALL=(agentdvr) NOPASSWD: /bin/systemctl,/bin/apt-get,\
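Review bot: The first `mode:` line in the main.yml hunk at -23 gains setgid but keeps group write and `o=rx` (`u=rwx,g=rwxs,o=rx`), while the two /DVR tasks later in the file end up at `g=rxs,o=`; the subject's "punt group write" reads as if it applied to every directory. If the difference is deliberate, a comment above the task such as `# stays group-writable and world-readable: <reason>` would keep it from being tightened or loosened by accident; the task's `path:` is above the hunk, so the directory cannot be identified from here. Separately, the renamed task's rule opens with `ALL ALL=(agentdvr) NOPASSWD:`, whose first field applies it to every local user; the rest of the rule is outside the hunk, so this is only a prompt to confirm that user field is what was meant. The same lines appear in the README.org source blocks at -1870 and -1883.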
@@ -84,7 +84,7 @@
 path: /DVR/AgentDVR
 owner: agentdvr
 group: agentdvr
- mode: u=rwx,g=rwx,o=
+ mode: u=rwx,g=rxs,o=
 - name: Create /DVR/AgentDVR/video/.
 become: yes
@@ -93,4 +93,4 @@
 path: /DVR/AgentDVR/video
 owner: agentdvr
 group: agentdvr
- mode: u=rwx,g=rx,o=
+ mode: u=rwx,g=rxs,o=
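Review bot: Setgid on /DVR/AgentDVR and /DVR/AgentDVR/video (`g=rxs`) only governs entries created after the bit is set, and nothing visible in these two hunks recurses, so recordings and subdirectories already under /DVR keep their current group and mode. If the existing tree is meant to end up under group `agentdvr` with `o=` as well, that needs its own explicit step, or a comment saying it is a one-time manual fix. Dropping `w` from the group on /DVR/AgentDVR also removes write access for any account that relied on `agentdvr` group membership, so it is worth confirming that only the `agentdvr` user writes there. Both tasks begin above their hunks; quoting the values (`mode: 'u=rwx,g=rxs,o='`) would match the usual Ansible advice for `mode:`, and the README.org blocks at -1977 and -1986 carry the same lines.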