From 40810f23192f7e55c02f8486c7c18b54c87a816f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Pablo=20Fern=C3=A1ndez=20Rodr=C3=ADguez?=
 <pafernan@redhat.com>
Date: Mon, 30 Sep 2024 17:55:16 +0200
Subject: [PATCH] FIXES #37867 - Fix remote_execution_ssh_keys sudoers
 permissions
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Signed-off-by: Pablo Fernández Rodríguez <pafernan@redhat.com>
---
 .../snippet/remote_execution_ssh_keys.erb                       | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/app/views/unattended/provisioning_templates/snippet/remote_execution_ssh_keys.erb b/app/views/unattended/provisioning_templates/snippet/remote_execution_ssh_keys.erb
index cd5c2e0fe8a..d839a7a4158 100644
--- a/app/views/unattended/provisioning_templates/snippet/remote_execution_ssh_keys.erb
+++ b/app/views/unattended/provisioning_templates/snippet/remote_execution_ssh_keys.erb
@@ -61,9 +61,11 @@ EOF
 <% if @host.operatingsystem.family == 'Redhat' || @host.operatingsystem.family == 'Debian' -%>
 echo "<%= ssh_user %> ALL = (root) NOPASSWD : ALL" > /etc/sudoers.d/<%= ssh_user %>
 echo "Defaults:<%= ssh_user %> !requiretty" >> /etc/sudoers.d/<%= ssh_user %>
+chmod 440 /etc/sudoers.d/<%= ssh_user %>
 <% elsif @host.operatingsystem.family == 'Suse' -%>
 echo "<%= ssh_user %> ALL = (root) NOPASSWD : ALL" >> /etc/sudoers
 echo "Defaults:<%= ssh_user %> !targetpw" >> /etc/sudoers
+chmod 440 /etc/sudoers.d/<%= ssh_user %>
 <% end -%>
 <% end -%>
 else