From 7aede4d058ed26b190d3f22d845b57f4f56fc38e Mon Sep 17 00:00:00 2001
From: Jason Ertel <jason.ertel@securityonionsolutions.com>
Date: Wed, 2 Jun 2021 09:01:16 -0400
Subject: [PATCH] Persist chown/chmod settings on users/roles files

---
 salt/common/tools/sbin/so-user | 4 ++--
 salt/elasticsearch/init.sls    | 6 ++++++
 2 files changed, 8 insertions(+), 2 deletions(-)

diff --git a/salt/common/tools/sbin/so-user b/salt/common/tools/sbin/so-user
index 9ea6c0310..15a71edfa 100755
--- a/salt/common/tools/sbin/so-user
+++ b/salt/common/tools/sbin/so-user
@@ -208,7 +208,7 @@ function syncElastic() {
       >> "$rolesFileTmp"
     [[ $? != 0 ]] && fail "Unable to read credential IDs from database"
   else
-    info "Database file does not exist yet, skipping users export"
+    echo "Database file does not exist yet, skipping users export"
   fi
 
   # Move the temp files over onto the final files
@@ -388,4 +388,4 @@ case "${operation}" in
     ;;
 esac
 
-exit 0
\ No newline at end of file
+exit 0
diff --git a/salt/elasticsearch/init.sls b/salt/elasticsearch/init.sls
index 86d7623d0..0bf442587 100644
--- a/salt/elasticsearch/init.sls
+++ b/salt/elasticsearch/init.sls
@@ -175,11 +175,17 @@ auth_users:
   file.managed:
     - name: /opt/so/conf/elasticsearch/users
     - source: salt://elasticsearch/files/users
+    - user: 930
+    - group: 930
+    - mode: 600
 
 auth_users_roles:
   file.managed:
     - name: /opt/so/conf/elasticsearch/users_roles
     - source: salt://elasticsearch/files/users_roles
+    - user: 930
+    - group: 930
+    - mode: 600
 
 so-elasticsearch:
   docker_container.running: