From 108f0e85bfd474565d73c80da560022c7793d9ea Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jan@dittberner.info>
Date: Sun, 25 Sep 2016 17:27:42 +0200
Subject: [PATCH] Protect /etc/salt/grains

Make sure that the permissions of /etc/salt/grains only allow access for the
root user.
---
 salt/bootstrap.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/bootstrap.sh b/salt/bootstrap.sh
index e0a3b07..6e8835e 100755
--- a/salt/bootstrap.sh
+++ b/salt/bootstrap.sh
@@ -30,6 +30,7 @@ pillar_roots:
 log_file: file:///dev/log
 EOF
 
+umask 077
 cat >/etc/salt/grains <<EOF
 roles:
   - redis-server