35 lines
1.3 KiB
Plaintext
35 lines
1.3 KiB
Plaintext
|
Salt-master as non-root user
|
||
|
|
============================
|
||
|
|
|
||
|
|
With the latest version of the salt-master package a new user has been added.
|
||
|
|
The user salt be used in later versions as the default user for the salt-master daemon.
|
||
|
|
|
||
|
|
For now the default user for the salt-master daemon will be root.
|
||
|
|
|
||
|
|
Why an extra user
|
||
|
|
=================
|
||
|
|
|
||
|
|
While the current setup runs the master as root user, this is considered a security issue
|
||
|
|
and not in line with the other configuration management tools (eg. puppet) which runs as a
|
||
|
|
dedicated user.
|
||
|
|
|
||
|
|
How can I make the change
|
||
|
|
=========================
|
||
|
|
|
||
|
|
If you would like to make the change before you can do the following steps manually:
|
||
|
|
1. uncomment the user parameter in the master configuration
|
||
|
|
user: salt
|
||
|
|
2. update the file permissions:
|
||
|
|
as root: chown -R salt /etc/salt /var/cache/salt /var/log/salt /var/run/salt
|
||
|
|
3. restart the salt-master daemon:
|
||
|
|
as root: rcsalt-master restart or systemctl restart salt-master
|
||
|
|
|
||
|
|
NOTE
|
||
|
|
====
|
||
|
|
|
||
|
|
Running the salt-master daemon as a non-root user has some consequences, some salt operations
|
||
|
|
cannot be executed correctly when the master is not running as root, specifically the pam external
|
||
|
|
auth system, as this system needs root access to check authentication.
|
||
|
|
|
||
|
|
For more information:
|
||
|
|
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
|