Salt-master as non-root user
============================

With the latest version of the salt-master package a new user has been added.
The user salt be used in later versions as the default user for the salt-master daemon.

For now the default user for the salt-master daemon will be root.

Why an extra user
=================

While the current setup runs the master as root user, this is considered a security issue
and not in line with the other configuration management tools (eg. puppet) which runs as a
dedicated user. 

How can I make the change
=========================

If you would like to make the change before you can do the following steps manually:
1. uncomment the user parameter in the master configuration
   user: salt
2. update the file permissions:
   as root: chown -R salt /etc/salt /var/cache/salt /var/log/salt /var/run/salt
3. restart the salt-master daemon:
   as root: rcsalt-master restart or systemctl restart salt-master

NOTE
====

Running the salt-master daemon as a non-root user has some consequences, some salt operations
cannot be executed correctly when the master is not running as root, specifically the pam external
auth system, as this system needs root access to check authentication.

For more information:
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html