From 2cf611279bad5725094f3ec5a716ac66f730f8b9 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Greg=20Kar=C3=A9kinian?=
Date: Tue, 23 Apr 2019 14:12:55 +0200
Subject: [PATCH] Make the systemd unit for kredits-github not world readable

This way the environment variables are kept secret. Only root can read `/proc/$ID/environ`
---
 site-cookbooks/kredits-github/recipes/default.rb | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/site-cookbooks/kredits-github/recipes/default.rb b/site-cookbooks/kredits-github/recipes/default.rb
index d452416..5412cf5 100644
--- a/site-cookbooks/kredits-github/recipes/default.rb
+++ b/site-cookbooks/kredits-github/recipes/default.rb
@@ -72,7 +72,7 @@ application path_to_deploy do
 source 'nodejs.systemd.service.erb'
 owner 'root'
 group 'root'
- mode '0644'
+ mode '0640'
 variables(
 user: deploy_user,
 group: deploy_group,
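Review bot: Restricting the unit file with `mode '0640'` does not by itself keep the environment secret if `nodejs.systemd.service.erb` renders the values as `Environment=` directives (the template is not visible here, so this is an assumption to confirm). systemd exposes a unit's `Environment` property to unprivileged local users through `systemctl show`, regardless of the file's permissions. It would be safer to render the secrets into a separate root-owned file with `mode '0600'` and have the unit reference it through `EnvironmentFile=`, since only the path, not the contents, is exposed that way. With `owner 'root'` and `group 'root'`, `mode '0600'` on the unit itself would also state the intent more directly than `'0640'`. The resource block opens above this hunk and the `variables(` call continues below it, so the rest of the template inputs could not be checked.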