fix: explicitely set permissions/owners for .ssh directories of SFTP chroot...

fix: explicitely set permissions/owners for .ssh directories of SFTP chroot user to make sure upload/auth via publickey works fine (this breaks again and again)

fix: explicitely set permissions/owners for .ssh directories of SFTP chroot...
3c776bcb · Jörg Sachse · 654f1e67 · 3c776bcb
Commit 3c776bcb authored 3 years ago by Jörg Sachse
--- a/tasks/configure_sftp_server.yml
+++ b/tasks/configure_sftp_server.yml
@@ -11,10 +11,24 @@
  block:
    - name: separate Berechtigungen für SFTP-chroot setzen
      file:
-        path: "/home/{{ vault_sftp_upload_user }}/"
+        path: "{{ item.path }}"
-        mode: "0750"
+        mode: "{{ item.mode }}"
-        owner: "root"
+        owner: "{{ item.owner }}"
-        group: "{{ vault_sftp_upload_group }}"
+        group: "{{ item.group }}"
+      loop:
+        - path: "/home/{{ vault_sftp_upload_user }}/"
+          mode: "0750"
+          owner: "root"
+          group: "{{ vault_sftp_upload_group }}"
+        - path: "/home/{{ vault_sftp_upload_user }}/.ssh/"
+          mode: "0700"
+          owner: "{{ vault_sftp_upload_user }}"
+          group: "{{ vault_sftp_upload_group }}"
+        - path: "/home/{{ vault_sftp_upload_user }}/.ssh/authorized_keys"
+          mode: "0600"
+          owner: "{{ vault_sftp_upload_user }}"
+          group: "{{ vault_sftp_upload_group }}"
    - name: Konfiguration fuer SFTP-Server einspielen (1/3)
      blockinfile:
        path: "/etc/ssh/sshd_config"