Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
pki: make certificates only readable to group and others
even though we copy these to hosts it's not a good idea to allow them to be overwritten by a random user. Openssl database files are also always recreated, umask should take care of all of that. Ansible does not use default umask from OS so we need to explicitly set it. We can use login shell to figure out the effective command-line umask value.
- Loading branch information