From 7db1af01aead3edfa2db6e1b224f57d4999c44fa Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Jakub=20Klinkovsk=C3=BD?= <j.l.k@gmx.com>
Date: Thu, 27 Aug 2020 16:57:51 +0200
Subject: [PATCH] archwiki: fix directory permissions

- home directory needs 751 - nginx accesses it to serve static files
- cache and sessions directories are used only by PHP -> 750
- uploads is public -> 755

Note that the "fix home permissions" task was duplicated. Other tasks
fixing permissions were moved above.
---
 roles/archwiki/tasks/main.yml | 23 ++++++++++-------------
 1 file changed, 10 insertions(+), 13 deletions(-)

diff --git a/roles/archwiki/tasks/main.yml b/roles/archwiki/tasks/main.yml
index 12015d8b0..4ad76f501 100644
--- a/roles/archwiki/tasks/main.yml
+++ b/roles/archwiki/tasks/main.yml
@@ -21,7 +21,16 @@
   register: user_created
 
 - name: fix home permissions
-  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}"
+  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0751 path="{{ archwiki_dir }}"
+
+- name: fix cache permissions
+  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/cache"
+
+- name: fix sessions permissions
+  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}/sessions"
+
+- name: fix uploads permissions
+  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
 
 - name: set up nginx
   template: src=nginx.d.conf.j2 dest="{{ archwiki_nginx_conf }}" owner=root group=root mode=644
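Review bot: The `mode=0751` on the "fix home permissions" task gives every local account, not only nginx, search permission on `{{ archwiki_dir }}`, and the reason for it is recorded only in the commit message. With o+x on the parent, what stays private now depends solely on the mode of each child (0750 on cache and sessions in this hunk, 0640 on LocalSettings.php further down the file), so anything later created under the home with world-readable bits becomes reachable by name. I would add a comment above the task, for example `# 0751: nginx needs o+x to traverse to the static files it serves; children must not be world-readable unless they are meant to be public`. If the role knows which user or group nginx runs as, a group-based grant or an ACL for that account would be tighter than o+x, but that depends on configuration not visible in this hunk.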
@@ -49,18 +58,6 @@
   notify:
     - run wiki updatescript
 
-- name: fix home permissions
-  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0750 path="{{ archwiki_dir }}"
-
-- name: fix cache permissions
-  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/cache"
-
-- name: fix sessions permissions
-  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/sessions"
-
-- name: fix uploads permissions
-  file: state=directory owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0755 path="{{ archwiki_dir }}/uploads"
-
 - name: configure archwiki
   template: src=LocalSettings.php.j2 dest="{{ archwiki_dir }}/public/LocalSettings.php" owner="{{ archwiki_user }}" group="{{ archwiki_user }}" mode=0640
   register: config
-- 
GitLab