19 lines
914 B
XML
19 lines
914 B
XML
<!-- Règles pour secrets //-->
|
|
<Rules priority="1">
|
|
<Group name="secrets-acl">
|
|
<Action name="setfacl-secrets" timing="post"
|
|
when="modified" status="check"
|
|
command="bash -c 'setfacl -m u:www-data:rx /etc/crans/secrets;
|
|
setfacl -m u:www-data:r /etc/crans/secrets/trigger-generate;
|
|
setfacl -m u:www-data:r /etc/crans/secrets/secrets.py /etc/crans/secrets/dhcp.py /etc/crans/secrets/icecast-token'"/>
|
|
</Group>
|
|
<Action name="setfacl-secrets-freerad" timing="post"
|
|
when="modified" status="check"
|
|
command="bash -c 'setfacl -m u:freerad:rx /etc/crans/;
|
|
setfacl -m u:freerad:rx /etc/crans/secrets;
|
|
setfacl -m u:freerad:r /etc/crans/secrets/dhcp.py;
|
|
setfacl -m u:freerad:r /etc/crans/secrets/secrets.py;
|
|
setfacl -m u:freerad:r /etc/crans/secrets/trigger-generate.pub;
|
|
setfacl -m m::r /etc/crans/secrets/trigger-generate;
|
|
setfacl -m u:freerad:r /etc/crans/secrets/trigger-generate;'"/>
|
|
</Rules>
|