From 3ceaa7ca70af372e62e71346a57f0910bb5ee2a7 Mon Sep 17 00:00:00 2001
From: Kai <z@kwi.li>
Date: Tue, 11 Jul 2017 22:40:56 -0400
Subject: [PATCH] `named.conf.key` shouldn't be world readable

---
 bind/config.sls | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/bind/config.sls b/bind/config.sls
index fd15f33..78698e6 100644
--- a/bind/config.sls
+++ b/bind/config.sls
@@ -90,7 +90,7 @@ bind_key_config:
     - template: jinja
     - user: {{ salt['pillar.get']('bind:config:user', map.user) }}
     - group: {{ salt['pillar.get']('bind:config:group', map.group) }}
-    - mode: {{ salt['pillar.get']('bind:config:mode', '644') }}
+    - mode: {{ salt['pillar.get']('bind:config:mode', '640') }}
     - require:
       - pkg: bind
     - watch_in: