From e5faf4611ba757a10d64e94ce9364dadf3af4bda Mon Sep 17 00:00:00 2001
From: Klemens Nanni <kn@openbsd.org>
Date: Mon, 5 Jun 2023 18:47:41 +0400
Subject: [PATCH] Sane default file permissions

doas.conf(5) is not an executable format, so `a+x` makes no sense.
It contains privileged commands/information by design, so `o+r` is questionable.

Use `u=rw,g=r,o=` to match OpenBSD's /etc/examples/doas.conf suggestion.
---
 manifests/init.pp | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/manifests/init.pp b/manifests/init.pp
index 0622420..8d7a1e8 100644
--- a/manifests/init.pp
+++ b/manifests/init.pp
@@ -25,7 +25,7 @@
   Hash   $entries    = {},
   String $owner      = 'root',
   String $group      = 'wheel',
-  String $mode       = '0555',
+  String $mode       = '0600',
 ) {
   concat { $configfile:
     owner        => $owner,