From 7c787c29891371b61a14ff6a312bd2241d83508b Mon Sep 17 00:00:00 2001 From: Patrick Uiterwijk Date: Thu, 12 Mar 2015 13:40:44 +0000 Subject: [PATCH] Move the drbackup homedir to /home This is one way to make sure we adhere to: uid < 1000 || homedir in /home --- tasks/drbackupkey.yml | 9 +++++---- 1 file changed, 5 insertions(+), 4 deletions(-) diff --git a/tasks/drbackupkey.yml b/tasks/drbackupkey.yml index 2f71fbcdf4..36cc17d92d 100644 --- a/tasks/drbackupkey.yml +++ b/tasks/drbackupkey.yml @@ -2,17 +2,18 @@ - name: ensure the drbackup group exists group: name=drbackup state=present +# Do not move the homedir outside of /home, since either this or uid < 1000 is required - name: ensure the drbackup user exists - user: name=drbackup comment="DR Backup User" group=drbackup shell=/bin/bash home=/var/lib/drbackup + user: name=drbackup comment="DR Backup User" group=drbackup shell=/bin/bash home=/home/drbackup - name: Make sure the drbackup homedir exists - file: dest=/var/lib/drbackup/ state=directory owner=drbackup group=drbackup mode=0700 + file: dest=/home/drbackup/ state=directory owner=drbackup group=drbackup mode=0700 - name: install the authorized SSH key - file: dest=/var/lib/drbackup/.ssh/ state=directory owner=drbackup group=drbackup mode=0700 + file: dest=/home/drbackup/.ssh/ state=directory owner=drbackup group=drbackup mode=0700 - name: install the backup ssh keys - copy: src={{private}}/files/backup.pub dest=/var/lib/drbackup/.ssh/authorized_keys owner=drbackup group=drbackup mode=0600 + copy: src={{private}}/files/backup.pub dest=/home/drbackup/.ssh/authorized_keys owner=drbackup group=drbackup mode=0600 # # deploy the confine-ssh script