set sshd config mode to 0644 on AIX, fixes #371 (#383)

saz · May 23, 2024 · 665feba · 665feba
1 parent 266b19f
commit 665feba
Show file tree

Hide file tree

Showing 5 changed files with 9 additions and 3 deletions.
diff --git a/README.md b/README.md
@@ -1,4 +1,4 @@
-# Puppet SSH [![Support via Gratipay](https://cdn.rawgit.com/gratipay/gratipay-badge/2.3.0/dist/gratipay.svg)](https://gratipay.com/~saz/)
+# Puppet SSH
 
 [![Puppet Forge modules by saz](https://img.shields.io/puppetforge/mc/saz.svg)](https://forge.puppetlabs.com/saz)
 [![Puppet Forge](http://img.shields.io/puppetforge/v/saz/ssh.svg)](https://forge.puppetlabs.com/saz/ssh)

diff --git a/data/AIX.yaml b/data/AIX.yaml
@@ -2,6 +2,7 @@
 ssh::server::sshd_dir: '/etc/ssh'
 ssh::server::sshd_binary: '/usr/sbin/sshd'
 ssh::server::sshd_config: '/etc/ssh/sshd_config'
+ssh::server::sshd_config_mode: '0644'
 ssh::server::ssh_config: '/etc/ssh/ssh_config'
 ssh::server::ssh_known_hosts: '/etc/ssh/ssh_known_hosts'
 ssh::server::service_name: 'sshd'

diff --git a/data/common.yaml b/data/common.yaml
@@ -15,6 +15,7 @@ lookup_options:
 
 ssh::server::sshd_dir: '/etc/ssh'
 ssh::server::sshd_config: '/etc/ssh/sshd_config'
+ssh::server::sshd_config_mode: '0600'
 ssh::client::ssh_config: '/etc/ssh/ssh_config'
 ssh::server::service_name: 'svc:/network/ssh:default'
 ssh::sftp_server_path: 'internal-sftp'

diff --git a/manifests/server.pp b/manifests/server.pp
@@ -20,6 +20,9 @@
 # @param sshd_binary
 #   Path to the sshd binary
 #
+# @param sshd_config_mode
+#   Mode to set on the sshd config file
+#
 # @param host_priv_key_group
 #   Name of the group for the private host key
 #
@@ -61,6 +64,7 @@
   Stdlib::Absolutepath           $sshd_config,
   Stdlib::Absolutepath           $sshd_dir,
   Stdlib::Absolutepath           $sshd_binary,
+  Stdlib::Filemode               $sshd_config_mode,
   Integer                        $host_priv_key_group,
   Hash                           $default_options,
   Enum[present,absent,latest]    $ensure                 = present,

diff --git a/manifests/server/config.pp b/manifests/server/config.pp
@@ -28,7 +28,7 @@
       ensure       => present,
       owner        => 0,
       group        => 0,
-      mode         => '0600',
+      mode         => $ssh::server::sshd_config_mode,
       validate_cmd => $sshd_validate_cmd,
       notify       => Service[$ssh::server::service_name],
     }
@@ -45,7 +45,7 @@
       ensure  => file,
       owner   => 0,
       group   => 0,
-      mode    => '0644',
+      mode    => $ssh::server::sshd_config_mode,
       content => template("${module_name}/issue.net.erb"),
       notify  => Service[$ssh::server::service_name],
     }