salt/run-salt-master-as-dedicated-salt-user.patch

From 6ffbf7fcc178f32c670b177b25ed64658c59f1bf Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 20 Jan 2016 11:01:06 +0100
Subject: [PATCH] Run salt master as dedicated salt user

* Minion runs always as a root
---
 conf/master                      | 3 ++-
 pkg/common/salt-common.logrotate | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/conf/master b/conf/master
index f542051d76..acff94abec 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,8 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+user: salt
+syndic_user: salt
 
 # Tell the master to also use salt-ssh when running commands against minions.
 #enable_ssh_minions: False
diff --git a/pkg/common/salt-common.logrotate b/pkg/common/salt-common.logrotate
index a0306ff370..97d158db18 100644
--- a/pkg/common/salt-common.logrotate
+++ b/pkg/common/salt-common.logrotate
@@ -1,4 +1,5 @@
 /var/log/salt/master {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
@@ -15,6 +16,7 @@
 }
 
 /var/log/salt/key {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
-- 
2.39.2