From 4a6402394a859a4a70751f17b7ba3f6f5b20213b Mon Sep 17 00:00:00 2001
From: Patrick Uiterwijk <puiterwijk@redhat.com>
Date: Tue, 6 Feb 2018 23:17:07 +0000
Subject: [PATCH] Make releng-team able to use releng keytab

Signed-off-by: Patrick Uiterwijk <puiterwijk@redhat.com>
---
 playbooks/groups/releng-compose.yml | 1 +
 roles/keytab/service/tasks/main.yml | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/playbooks/groups/releng-compose.yml b/playbooks/groups/releng-compose.yml
index 8474051fdd..90879c4dc4 100644
--- a/playbooks/groups/releng-compose.yml
+++ b/playbooks/groups/releng-compose.yml
@@ -36,6 +36,7 @@
   - role: keytab/service
     service: compose
     host: "koji{{env_suffix}}.fedoraproject.org"
+    owner_group: releng-team
   - role: keytab/service
     service: mash
     host: "koji{{env_suffix}}.fedoraproject.org"
diff --git a/roles/keytab/service/tasks/main.yml b/roles/keytab/service/tasks/main.yml
index a98c89604f..6ccc61e703 100644
--- a/roles/keytab/service/tasks/main.yml
+++ b/roles/keytab/service/tasks/main.yml
@@ -149,7 +149,7 @@
   - krb5
 
 - name: Set keytab permissions
-  file: path={{kt_location}} owner={{owner_user}} group={{owner_group}} mode=0600 state=file
+  file: path={{kt_location}} owner={{owner_user}} group={{owner_group}} mode=0640 state=file
   tags:
   - keytab
   - config