Use tmpfiles for the ask-password ACL

Signed-off-by: Patrick Uiterwijk <patrick@puiterwijk.org>
2020-06-10 09:58:11 +02:00 · 2020-06-10 09:58:11 +02:00 · f30c881bf5
commit f30c881bf5
parent 8ccd7a5e9d
2 changed files with 7 additions and 6 deletions
--- a/roles/robosignatory/files/ask-password-robosignatory.conf
+++ b/roles/robosignatory/files/ask-password-robosignatory.conf
@ -0,0 +1 @@
+a       /run/systemd/ask-password       -       -       -       -       u:robosignatory:rwx
--- a/roles/robosignatory/tasks/main.yml
+++ b/roles/robosignatory/tasks/main.yml
@ -192,12 +192,12 @@
  - robosignatory

 - name: Allow robosignatory to use systemd-ask-password
-  acl:
-    path: /run/systemd/ask-password
-    entity: robosignatory
-    etype: user
-    permissions: rwx
-    state: present
+  copy:
+    src: ask-password-robosignatory.conf
+    dest: /etc/tmpfiles.d/ask-password-robosignatory.conf
+    owner: root
+    group: root
+    mode: 0644
  tags:
  - config
  - robosignatory
				`@ -0,0 +1 @@`
				`a /run/systemd/ask-password - - - - u:robosignatory:rwx`