From dd82925e1ade05a83d7a94153781277813405d42 Mon Sep 17 00:00:00 2001
From: Lars Beckers <lars.beckers@rwth-aachen.de>
Date: Fri, 3 May 2019 16:10:15 +0200
Subject: [PATCH] dovecot: fix global script permissions

---
 dovecot/tasks/main.yml | 21 ++++++++++++++++++++-
 1 file changed, 20 insertions(+), 1 deletion(-)

diff --git a/dovecot/tasks/main.yml b/dovecot/tasks/main.yml
index 6182ae1..85f52d9 100644
--- a/dovecot/tasks/main.yml
+++ b/dovecot/tasks/main.yml
@@ -51,7 +51,7 @@
   template:
     src: "sieve/{{ item }}.j2"
     dest: "/var/lib/dovecot/sieve.d/{{ item }}"
-    mode: '0550'
+    mode: '0640'
     owner: dovecot
     group: "{{ dovecot_users_group }}"
   with_items:
@@ -66,6 +66,25 @@
     - spamassassin
     - mail
 
+- meta: flush_handlers
+
+- name: ensure the global spam filter and learning sieve script have correct permissions
+  file:
+    state: present
+    path: "/var/lib/dovecot/sieve.d/{{ item }}"
+    mode: '0640'
+    owner: dovecot
+    group: "{{ dovecot_users_group }}"
+  with_items:
+    - filter-spam.svbin
+    - report-spam.svbin
+    - report-ham.svbin
+  when: dovecot_content_filter
+  tags:
+    - dovecot
+    - spamassassin
+    - mail
+
 - name: ensure scripts for learning spam are present
   copy:
     src: "{{ item }}"
-- 
GitLab