pool/salt - salt - openSUSE Gitea

pool/salt

SHA256

Go to file

Pablo Suárez Hernández 77b505ab99 Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Added: * run-salt-master-as-dedicated-salt-user.patch * run-salt-api-as-user-salt-bsc-1064520.patch OBS-URL: https://build.opensuse.org/request/show/546088 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=101		2017-11-27 17:18:19 +00:00
.gitattributes	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
.gitignore	Accepting request 175205 from devel:languages:python	2013-05-16 09:38:22 +00:00
bugfix-always-return-a-string-list-on-unknown-job-ta.patch	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
enable-with-salt-version-parameter-for-setup.py-scri.patch	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
html.tar.bz2	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
introduce-process_count_max-minion-configuration-par.patch	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
list_pkgs-add-parameter-for-returned-attribute-selec.patch	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
multiprocessing-minion-option-documentation-fixes.patch	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
README.SUSE	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
run-salt-api-as-user-salt-bsc-1064520.patch	Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack	2017-11-27 17:18:19 +00:00
run-salt-master-as-dedicated-salt-user.patch	Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack	2017-11-27 17:18:19 +00:00
salt-2017.7.2.tar.gz	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
salt-tmpfiles.d	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
salt.changes	Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack	2017-11-27 17:18:19 +00:00
salt.spec	Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack	2017-11-27 17:18:19 +00:00
travis.yml	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
update-documentation.sh	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
use-home-to-get-the-user-home-directory-instead-usin.patch	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00
zyppnotify	Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3	2017-11-16 09:11:11 +00:00

README.SUSE

Salt-master as non-root user
============================

With this version of salt the salt-master will run as salt user.

Why an extra user
=================

While the current setup runs the master as root user, this is considered a security issue
and not in line with the other configuration management tools (eg. puppet) which runs as a
dedicated user. 

How can I undo the change
=========================

If you would like to make the change before you can do the following steps manually:
1. change the user parameter in the master configuration
   user: root
2. update the file permissions:
   as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt
3. restart the salt-master daemon:
   as root: rcsalt-master restart or systemctl restart salt-master

NOTE
====

Running the salt-master daemon as a root user is considers by some a security risk, but
running as root, enables the pam external auth system, as this system needs root access to check authentication.

For more information:
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html