From 821e84f60845ca38d05f5f4e9791037c702eea19 Mon Sep 17 00:00:00 2001
From: Jan Dittberner <jan@dittberner.info>
Date: Sun, 25 Sep 2016 17:27:42 +0200
Subject: [PATCH] Protect /etc/salt/grains

Make sure that the permissions of /etc/salt/grains only allow access for the
root user.
---
 salt/bootstrap.sh | 1 +
 1 file changed, 1 insertion(+)

diff --git a/salt/bootstrap.sh b/salt/bootstrap.sh
index 9db2a28..ecc211a 100755
--- a/salt/bootstrap.sh
+++ b/salt/bootstrap.sh
@@ -30,6 +30,7 @@ pillar_roots:
 log_file: file:///dev/log
 EOF
 
+umask 077
 cat >/etc/salt/grains <<EOF
 roles:
   - fileserver