From 497bca81933b61c55db03c4cfb03c90bd2537101 Mon Sep 17 00:00:00 2001
From: Major Hayden
Date: Fri, 9 Oct 2015 16:15:55 -0500
Subject: [PATCH] V-38458: /etc/group user ownership

Implements: blueprint security-hardening
Change-Id: I170ade166813499a82288eb17bc5150e3495bbdc
---
 doc/source/developer-notes/V-38458.rst | 2 ++
 tasks/file_perms.yml | 10 +++++++++-
 2 files changed, 11 insertions(+), 1 deletion(-)
 create mode 100644 doc/source/developer-notes/V-38458.rst

diff --git a/doc/source/developer-notes/V-38458.rst b/doc/source/developer-notes/V-38458.rst
new file mode 100644
index 00000000..8711a5d5
--- /dev/null
+++ b/doc/source/developer-notes/V-38458.rst
@@ -0,0 +1,2 @@
+The Ansible task will ensure that the ``/etc/group`` file is owned by the root
+user.
diff --git a/tasks/file_perms.yml b/tasks/file_perms.yml
index c9f6c0e2..00e5d099 100644
--- a/tasks/file_perms.yml
+++ b/tasks/file_perms.yml
@@ -40,10 +40,18 @@
 - cat2
 - V-38449
 
-- name: V-38459 - The /etc/group file must be group-owned by root
+- name: V-38458 - The /etc/group file must be owned by root
 file:
 dest: /etc/group
 owner: root
+ tags:
+ - file_perms
+ - cat2
+ - V-38458
+
+- name: V-38459 - The /etc/group file must be group-owned by root
+ file:
+ dest: /etc/group
 group: root
 tags:
 - file_perms
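Review bot: The new V-38458 task in tasks/file_perms.yml resets the owner of /etc/group without recording why a reset was needed; the only signal is Ansible's `changed` status. A non-root owner of that file can rewrite group membership, so a change reported on an already-provisioned host deserves follow-up rather than silent remediation. I would add a comment above the task, `# "changed" here means /etc/group was not owned by root before this run; find out why`, and state the same in doc/source/developer-notes/V-38458.rst. The V-38459 task's tags list continues past the end of the hunk.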