diff --git a/README.md b/README.md
index 96c2473..b77dc34 100644
--- a/README.md
+++ b/README.md
@@ -50,6 +50,19 @@ files. SSHD configuration is not managed inside the role.
 ### Default role variables
+ # Path management about sftp users home dir
+ sftp_data_dir_path: '/var/sftp'
+ sftp_data_dir_mode: '0750'
+ sftp_data_dir_owner: 'root'
+ sftp_data_dir_group: "{{ sftp_users_group_name }}"
+
+ # Sftp users management
+ sftp_users_group_name: 'sftp-users'
+ sftp_users_home_mode: '0750'
+ sftp_users_skeleton: '/etc/skel'
+ sftp_users_shell: '/usr/sbin/nologin'
+ sftp_users: []
+
 ### SFTP users format
 sftp_users:
diff --git a/defaults/main.yml b/defaults/main.yml
index 76cc0cd..eeaa15c 100644
--- a/defaults/main.yml
+++ b/defaults/main.yml
@@ -6,7 +6,7 @@
 sftp_data_dir_path: '/var/sftp'
 sftp_data_dir_mode: '0750'
 sftp_data_dir_owner: 'root'
-sftp_data_dir_group: 'root'
+sftp_data_dir_group: "{{ sftp_users_group_name }}"
 # Sftp users management
 sftp_users_group_name: 'sftp-users'
diff --git a/spec/installation_spec.rb b/spec/installation_spec.rb
index 43e50c3..5e8f0d2 100644
--- a/spec/installation_spec.rb
+++ b/spec/installation_spec.rb
@@ -12,6 +12,16 @@
 end
 end
+ describe 'datadir directory' do
+ describe file('/var/sftp') do
+ it { should exist }
+ it { should be_directory }
+ it { should be_owned_by 'root' }
+ it { should be_grouped_into 'sftp-users' }
+ it { should be_mode 750 }
+ end
+ end
+
 describe 'first user configuration' do
 describe file('/var/sftp/sftp1/.ssh') do
diff --git a/tasks/main.yml b/tasks/main.yml
index 3090a33..17215d1 100644
--- a/tasks/main.yml
+++ b/tasks/main.yml
@@ -2,6 +2,13 @@
 # Main tasks file for sftp role
+- name: 'Manage sftp users group'
+ become: True
+ group:
+ name: "{{ sftp_users_group_name }}"
+ state: 'present'
+
+
 - name: 'Ensure data path exists'
 become: True
 file:
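Review bot: With the group switched to `sftp_users_group_name`, the unchanged `sftp_data_dir_mode: '0750'` two lines above now gives every SFTP account read access to `/var/sftp`, so any user can list the other accounts' directory names. Reaching a home directory only needs the execute bit, so `sftp_data_dir_mode: '0710'` would keep homes reachable without exposing the listing; the new spec assertion `be_mode 750` would have to change with it. If sshd is pointed at this path as a chroot, the directory must also stay root-owned and not group-writable. That is worth a comment next to the variable, because sshd is configured outside the role and an override to a group-writable mode would break logins.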
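Review bot: The group task added at the top of this hunk is now an ordering dependency for 'Ensure data path exists', since `sftp_data_dir_group` defaults to `{{ sftp_users_group_name }}`, yet nothing in the file says so. A comment above it such as `# Must precede the data path task: sftp_data_dir_group defaults to this group` would keep a later reorder from failing the first run on hosts where the group does not yet exist. The data path task's body continues outside the hunk, so its `group:` argument is inferred from the defaults change rather than visible here.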
@@ -12,13 +19,6 @@
 state: 'directory'
-- name: 'Manage sftp users group'
- become: True
- group:
- name: "{{ sftp_users_group_name }}"
- state: 'present'
-
-
 - name: 'Manage sftp users creation'
 become: True
 user: