Fix filemode of the zonefile directory

kajinamit · kajinamit · commit 5c7cb6310018 · 2025-12-22T00:59:19.000+09:00
In CentOS/RHEL the directory is created with mode 0770, instead of 0750. Fixes: #288
diff --git a/manifests/config.pp b/manifests/config.pp
@@ -61,7 +61,7 @@
     ensure => directory,
     owner  => $dns::params::user,
     group  => $dns::params::group,
-    mode   => '0750',
+    mode   => $dns::zonefilepath_mode,
   }
 
   exec { 'create-rndc.key':
diff --git a/manifests/init.pp b/manifests/init.pp
@@ -30,6 +30,8 @@
 #   Name of the service
 # @param zonefilepath
 #   Directory containing zone files
+# @param zonefilepath_mode
+#   Mode of the directory containing zone files
 # @param localzonepath
 #   File holding local zones like RFC1912 or RFC1918 files.  The special value
 #   'unmanaged' can be used if one plans to create custom RFC1912/RFC1918 zones
@@ -159,6 +161,7 @@
   Boolean $manage_service                                           = true,
   String $namedservicename                                          = $dns::params::namedservicename,
   Stdlib::Absolutepath $zonefilepath                                = $dns::params::zonefilepath,
+  Stdlib::Filemode $zonefilepath_mode                               = $dns::params::zonefilepath_mode,
   Variant[Enum['unmanaged'], Stdlib::Absolutepath] $localzonepath   = $dns::params::localzonepath,
   Variant[Enum['unmanaged'], Stdlib::Absolutepath] $defaultzonepath = $dns::params::defaultzonepath,
   Optional[Enum['only', 'first']] $forward                          = undef,
diff --git a/manifests/params.pp b/manifests/params.pp
@@ -7,6 +7,7 @@
       $vardir             = '/var/cache/bind'
       $optionspath        = "${dnsdir}/named.conf.options"
       $zonefilepath       = "${vardir}/zones"
+      $zonefilepath_mode  = '0750'
       $localzonepath      = $facts['os']['name'] ? {
         'Debian' => if versioncmp($facts['os']['release']['major'], '13') >= 0 { 'unmanaged' } else { "${dnsdir}/zones.rfc1918" },
         default  => "${dnsdir}/zones.rfc1918",
@@ -41,6 +42,7 @@
       $vardir             = '/var/named'
       $optionspath        = '/etc/named/options.conf'
       $zonefilepath       = "${vardir}/dynamic"
+      $zonefilepath_mode  = '0770'
       $localzonepath      = "${dnsdir}/named.rfc1912.zones"
       $defaultzonepath    = 'unmanaged'
       $publicviewpath     = "${dnsdir}/named/zones.conf"
@@ -66,6 +68,7 @@
       $vardir             = '/usr/local/etc/namedb/working'
       $optionspath        = '/usr/local/etc/namedb/options.conf'
       $zonefilepath       = "${dnsdir}/dynamic"
+      $zonefilepath_mode  = '0750'
       $localzonepath      = 'unmanaged' # "${dnsdir}/master/empty.db"
       $defaultzonepath    = 'unmanaged'
       $publicviewpath     = "${dnsdir}/zones.conf"
@@ -89,6 +92,7 @@
       $vardir             = '/var/named'
       $optionspath        = "${dnsdir}/named.options.conf"
       $zonefilepath       = "${vardir}/dynamic"
+      $zonefilepath_mode  = '0750'
       $localzonepath      = 'unmanaged' # "${dnsdir}/named.local.conf"
       $defaultzonepath    = 'unmanaged'
       $publicviewpath     = "${dnsdir}/zones.conf"
diff --git a/spec/defines/dns_zone_spec.rb b/spec/defines/dns_zone_spec.rb
@@ -53,7 +53,7 @@
         should contain_file("#{zonefilepath}/db.example.com").with({
           :owner    => user_name,
           :group    => user_name,
-          :mode     => '0644',
+          :mode     => '0640',
           :replace  => 'false',
         }).that_notifies('Class[Dns::Service]')
       end

Original file line number	Diff line number	Diff line change
`@@ -61,7 +61,7 @@`
`61`	`61`	`ensure => directory,`
`62`	`62`	`owner => $dns::params::user,`
`63`	`63`	`group => $dns::params::group,`
`64`		`- mode => '0750',`
	`64`	`+ mode => $dns::zonefilepath_mode,`
`65`	`65`	`}`
`66`	`66`
`67`	`67`	`exec { 'create-rndc.key':`