Permissions on config directories

[anton-johansson]

The playbook sets a bunch of permissions to 755, see here.

We had an idea of using a controller host (a very simple VM), where we execute the playbook for different clusters. This way, we make sure we always have the correct ~/.ktrw directory, we can easily back it up and we avoid risks of re-creating certificates, etc. It also seems a bit quicker to run it like that compared to over from localhost over VPN (which we do a lot these days).

The fact that KTRW wants 755 makes it a bit difficult to work with these with different users. It would be nice if they could be 775 instead, so we could have group permissions. But maybe that's not optimal for when they actually reach the destination servers... There, we'd want 755 I guess?

Do you have any ideas or suggestions, @amimof?

[amimof]

Hi @anton-johansson
I guess it doesn't matter what permissions the config files have from the control host (localhost) so we change that to 775. However the mode should really be 755 or less on the target host. To solve that we could add mode directive to each copy module so that files/folders have 755 when they land on a target host.