Merge pull request #1443 from anarcat/mode-fix

use more restrictive mode on temp paths

Author: ekohl

manifests/config.pp

@@ -209,13 +209,15 @@
     file { $client_body_temp_path:
       ensure => directory,
       owner  => $daemon_user,
+      mode   => '0700',
     }
   }
 
   if $proxy_temp_path {
     file { $proxy_temp_path:
       ensure => directory,
       owner  => $daemon_user,
+      mode   => '0700',
     }
   }
 

spec/classes/nginx_spec.rb

@@ -325,13 +325,13 @@
               is_expected.to contain_file('/run/nginx/client_body_temp').with(
                 ensure: 'directory',
                 group: 'root',
-                mode: '0644'
+                mode: '0700'
               )
             else
               is_expected.to contain_file('/var/nginx/client_body_temp').with(
                 ensure: 'directory',
                 group: 'root',
-                mode: '0644'
+                mode: '0700'
               )
             end
           end
@@ -341,13 +341,13 @@
               is_expected.to contain_file('/run/nginx/proxy_temp').with(
                 ensure: 'directory',
                 group: 'root',
-                mode: '0644'
+                mode: '0700'
               )
             else
               is_expected.to contain_file('/var/nginx/proxy_temp').with(
                 ensure: 'directory',
                 group: 'root',
-                mode: '0644'
+                mode: '0700'
               )
             end
           end