pool/salt
SHA256
4
0
Fork 1
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
83 Commits 2 Branches 0 Tags
Go to file
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
Pablo Suárez Hernández 77b505ab99 Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack 
- Run salt master as dedicated salt user
- Run salt-api as user salt (bsc#1064520)
- Added:
 * run-salt-master-as-dedicated-salt-user.patch
 * run-salt-api-as-user-salt-bsc-1064520.patch

OBS-URL: https://build.opensuse.org/request/show/546088
OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=101
2017-11-27 17:18:19 +00:00
.gitattributes
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
.gitignore
Accepting request 175205 from devel:languages:python
2013-05-16 09:38:22 +00:00
bugfix-always-return-a-string-list-on-unknown-job-ta.patch
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
enable-with-salt-version-parameter-for-setup.py-scri.patch
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
html.tar.bz2
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
introduce-process_count_max-minion-configuration-par.patch
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
list_pkgs-add-parameter-for-returned-attribute-selec.patch
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
multiprocessing-minion-option-documentation-fixes.patch
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
README.SUSE
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
run-salt-api-as-user-salt-bsc-1064520.patch
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack
2017-11-27 17:18:19 +00:00
run-salt-master-as-dedicated-salt-user.patch
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack
2017-11-27 17:18:19 +00:00
salt-2017.7.2.tar.gz
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
salt-tmpfiles.d
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
salt.changes
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack
2017-11-27 17:18:19 +00:00
salt.spec
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack
2017-11-27 17:18:19 +00:00
travis.yml
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
update-documentation.sh
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
use-home-to-get-the-user-home-directory-instead-usin.patch
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00
zyppnotify
Accepting request 541865 from systemsmanagement:saltstack:products:unstable.py3
2017-11-16 09:11:11 +00:00

README.SUSE 

Salt-master as non-root user
============================

With this version of salt the salt-master will run as salt user.

Why an extra user
=================

While the current setup runs the master as root user, this is considered a security issue
and not in line with the other configuration management tools (eg. puppet) which runs as a
dedicated user. 

How can I undo the change
=========================

If you would like to make the change before you can do the following steps manually:
1. change the user parameter in the master configuration
   user: root
2. update the file permissions:
   as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt
3. restart the salt-master daemon:
   as root: rcsalt-master restart or systemctl restart salt-master

NOTE
====

Running the salt-master daemon as a root user is considers by some a security risk, but
running as root, enables the pam external auth system, as this system needs root access to check authentication.

For more information:
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
Description
No description provided
Readme 40 MiB
Languages
Shell 91.3%
Makefile 8.7%