Update permissions on git identity files

* Add ubuntu to edx, restrict git identity access to edx group members

playbooks/roles/common/tasks/create_users.yml

@@ -2,7 +2,19 @@
 - name: Create 'edx' users group
   group: name=edx state=present
   sudo: True
+  tags:
+  - users
+  - admin_users
+- name: Add user 'ubuntu' to 'edx' group
+  # This is a temporary measure for initial configuration; after the last 
+  # play is run and we've got a good set of users, ubuntu should no longer be used
+  user: name=ubuntu append=yes groups="edx"
+  sudo: True
+  tags:
+  - users
+  - admin_users
 - name: Creating admin users
+  # Admin users, by definition, should be able to sudo w/ password, and read adm-only files
   user: name={{ item.user }} append=yes groups={{ "adm,edx,"+",".join(item.groups) }} shell=/bin/bash
   sudo: True
   with_items: admin_users

playbooks/roles/lms/tasks/main.yml

@@ -24,14 +24,14 @@
 # ugly relative pathing here
 
 - name: install read-only ssh key for mitx repo (private)
-  copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=root group=root mode=644
+  copy: src=../../../{{ secure_dir }}/files/git-identity dest=/etc/git-identity force=yes owner=root group=edx mode=640
   sudo: True
   tags:
   - lms
   - cms
 
 - name: upload ssh script
-  copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=root mode=755
+  copy: src=git_ssh.sh dest=/tmp/git_ssh.sh force=yes owner=root group=edx mode=750
   sudo: True
   tags:
   - lms