From 605866f5cc7ccb4da8554f730d153e36ed2db232 Mon Sep 17 00:00:00 2001
From: Nick Bebout <nb@lockbox01.phx2.fedoraproject.org>
Date: Fri, 23 Aug 2013 01:47:16 +0000
Subject: [PATCH] Certificates should be owned by root

---
 tasks/keyserver.yml | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/tasks/keyserver.yml b/tasks/keyserver.yml
index b9a7f94219..07db62dbab 100644
--- a/tasks/keyserver.yml
+++ b/tasks/keyserver.yml
@@ -52,27 +52,27 @@
   - config
 
 - name: /etc/pki/tls/wildcard-2013.fedoraproject.org.cert
-  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=apache group=apache mode=0600
+  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.cert owner=root group=root mode=0600
   tags:
   - config
 
 - name: /etc/pki/tls/wildcard-2013.fedoraproject.org.key
-  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.key dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=apache group=apache mode=0600
+  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.key dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.key owner=root group=root mode=0600
   tags:
   - config
 
 - name: /etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert
-  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.intermediate.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=apache group=apache mode=0600
+  copy: src=$puppet_private/httpd/wildcard-2013.fedoraproject.org.intermediate.cert dest=/etc/pki/tls/wildcard-2013.fedoraproject.org.intermediate.cert owner=root group=root mode=0600
   tags:
   - config
 
 - name: /etc/pki/tls/keys_fedoraproject_org.crt.pem
-  copy: src=$puppet_private/keys_fedoraproject_org.crt.pem dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=apache group=apache mode=0600
+  copy: src=$puppet_private/keys_fedoraproject_org.crt.pem dest=/etc/pki/tls/keys_fedoraproject_org.crt.pem owner=root group=root mode=0600
   tags:
   - config
 
 - name: /etc/pki/tls/keys_fedoraproject_org.key
-  copy: src=$puppet_private/keys_fedoraproject_org.key dest=/etc/pki/tls/keys_fedoraproject_org.key owner=apache group=apache mode=0600
+  copy: src=$puppet_private/keys_fedoraproject_org.key dest=/etc/pki/tls/keys_fedoraproject_org.key owner=root group=root mode=0600
   tags:
   - config