Commit 2178ec33 authored by Tim Smith

Make sure cron files are 0600 not 0644 for CIS compliance



You probably don't want your cron file to default to world readable.
Signed-off-by: Tim Smith <tsmith@chef.io>
parent aaa75ede
......@@ -37,7 +37,7 @@ The `cron_d` custom resource can be used to manage files in `/etc/cron.d`. It su
- `user` - the user to run as. Defaults to "root".
- `mailto`, `path`, `home`, `shell`, `random_delay` - set the corresponding environment variables in the cron.d file. No default.
- `environment` - a Hash containing additional arbitrary environment variables under which the cron job will be run (similar to the `shell` LWRP). No default.
- `mode` - the octal mode of the generated crontab file. Defaults to `0644`.
- `mode` - the octal mode of the generated crontab file. Defaults to `0600`.
#### Examples
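Review bot: The `mode` bullet now states `0600` but gives no hint that the default changed, so anyone upgrading with an existing `/etc/cron.d` file will see its permissions tightened on the next run without having been told. Suggest adding a short note here that earlier releases defaulted to `0644` and that setting `mode '0644'` on the resource restores the old behaviour, and recording the change in the changelog, since none of the visible hunks touch one.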
......
......@@ -33,6 +33,7 @@ define :cron_manage, user: nil, action: :deny do
t = template file do
source 'cron_manage.erb'
cookbook 'cron'
mode '0600'
variables users: [],
recipe_file: __FILE__.to_s.split('cookbooks/').last,
template_file: source.to_s
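Review bot: `mode '0600'` is hard-coded inside the `template file do` block, and the definition's visible parameters (`user: nil, action: :deny`) give callers no way to override it, unlike `cron_d`, which exposes a `mode` property. If a fixed mode is intended, document it in the README alongside the `cron_d` change; otherwise accept a `mode` parameter that defaults to `'0600'`. The visible lines also set no `owner` or `group` on the template, so it is worth confirming those are pinned elsewhere in the block, because a restrictive mode only helps if the owning user is the expected one.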
......
......@@ -48,7 +48,7 @@ property :home, [String, NilClass]
property :shell, [String, NilClass]
property :comment, [String, NilClass]
property :environment, Hash, default: {}
property :mode, [String, Integer], default: '0644'
property :mode, [String, Integer], default: '0600'
action :create do
create_template(:create)
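Review bot: The new default on `property :mode, [String, Integer], default: '0600'` is the security-relevant part of this commit, yet no visible hunk adds a test that pins it, so a later edit could return the default to `0644` unnoticed. Suggest a spec asserting that a `cron_d` resource declared without `mode` renders its file with mode `0600`. Separately, the property still accepts an Integer, and an unquoted `600` is a decimal literal in Ruby rather than octal `0600`; consider documenting that the value should be a quoted string or validating Integer input.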
......