Merge "Enforce ownership and permissions"

commit: cff4f334e43e11d6feac87c967a853f6b66b59e5 [log] [tgz]
author: Ales Komarek <akomarek@mirantis.com> Thu Apr 13 07:12:00 2017 +0000
committer: Gerrit Code Review <gerrit2@5776b83a74fe> Thu Apr 13 07:12:01 2017 +0000
tree: be83d2252c755d1223f3c9ab05b4a45dc3516cc3
parent: 7b6c17d2c7e429545723ed9a7f060246f873dff8 [diff]
parent: d3cd0ed10d67a78d480ad0c59bb4bc4805e12c19 [diff]
diff --git a/heka/_common.sls b/heka/_common.sls
index 1753840..9f71c31 100644
--- a/heka/_common.sls
+++ b/heka/_common.sls

@@ -7,15 +7,24 @@
 /usr/share/lma_collector:
   file.recurse:
   - source: salt://heka/files/lua
+  - user: root
+  - group: heka
+  - file_mode: 640
+  - dir_mode: 750
+  - require:
+    - user: heka_user
 
 /usr/share/lma_collector/common/extra_fields.lua:
   file.managed:
   - source: salt://heka/files/extra_fields.lua
   - user: root
-  - mode: 644
+  - group: heka
+  - mode: 640
   - defaults:
       extra_fields: {{ server.extra_fields }}
   - template: jinja
+  - require:
+    - user: heka_user
 
 heka_user:
   user.present:

diff --git a/heka/_service.sls b/heka/_service.sls
index 359e716..70d80ce 100644
--- a/heka/_service.sls
+++ b/heka/_service.sls

@@ -13,6 +13,7 @@
   file.directory:
   - name: /var/cache/{{ service_name }}
   - user: heka
+  - group: heka
   - mode: 750
   - makedirs: true
commit	cff4f334e43e11d6feac87c967a853f6b66b59e5	[log] [tgz]
author	Ales Komarek <akomarek@mirantis.com>	Thu Apr 13 07:12:00 2017 +0000
committer	Gerrit Code Review <gerrit2@5776b83a74fe>	Thu Apr 13 07:12:01 2017 +0000
tree	be83d2252c755d1223f3c9ab05b4a45dc3516cc3
parent	7b6c17d2c7e429545723ed9a7f060246f873dff8 [diff]
parent	d3cd0ed10d67a78d480ad0c59bb4bc4805e12c19 [diff]