salt/run-salt-master-as-dedicated-salt-user.patch

From 04906c9a9c1b9fdbc6854a017e92525acd167bc7 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 20 Jan 2016 11:01:06 +0100
Subject: [PATCH] Run salt master as dedicated salt user

* Minion runs always as a root
---
 conf/master               | 3 ++-
 pkg/salt-common.logrotate | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/conf/master b/conf/master
index 986898436a..8461101210 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,8 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+user: salt
+syndic_user: salt
 
 # The port used by the communication interface. The ret (return) port is the
 # interface used for the file server, authentication, job returns, etc.
diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate
index 3cd002308e..0d99d1b801 100644
--- a/pkg/salt-common.logrotate
+++ b/pkg/salt-common.logrotate
@@ -1,4 +1,5 @@
 /var/log/salt/master {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
@@ -15,6 +16,7 @@
 }
 
 /var/log/salt/key {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
-- 
2.16.2
Accepting request 594031 from systemsmanagement:saltstack:testing - Update to 2018.3.0 - Modified: * explore-module.run-response-to-catch-the-result-in-d.patch * add-saltssh-multi-version-support-across-python-inte.patch * run-salt-api-as-user-salt-bsc-1064520.patch * fix-openscap-push.patch * fix-decrease-loglevel-when-unable-to-resolve-addr.patch * fix-cp.push-empty-file.patch * make-it-possible-to-use-login-pull-and-push-from-mod.patch * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch * feat-add-grain-for-all-fqdns.patch * fix-bsc-1065792.patch * run-salt-master-as-dedicated-salt-user.patch * move-log_file-option-to-changeable-defaults.patch * activate-all-beacons-sources-config-pillar-grains.patch * remove-obsolete-unicode-handling-in-pkg.info_install.patch - Add python-2.6 support to salt-ssh - Modified: * add-saltssh-multi-version-support-across-python-inte.patch - Update salt-ssh multiversion patch - Modified: * add-saltssh-multi-version-support-across-python-inte.patch - Removed: * require-same-major-version-while-minor-is-allowed-to.patch OBS-URL: https://build.opensuse.org/request/show/594031 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=117 2018-04-11 18:47:08 +02:00			`From 04906c9a9c1b9fdbc6854a017e92525acd167bc7 Mon Sep 17 00:00:00 2001`
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Added: * run-salt-master-as-dedicated-salt-user.patch * run-salt-api-as-user-salt-bsc-1064520.patch OBS-URL: https://build.opensuse.org/request/show/546088 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=101 2017-11-27 18:18:19 +01:00			`From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>`
			`Date: Wed, 20 Jan 2016 11:01:06 +0100`
Accepting request 569868 from systemsmanagement:saltstack:testing - Fix the usage of custom macros on the spec file. - Fix RES7: different dependency names for python-PyYAML and python-MarkupSafe - Build both python2 and python3 binaries together. - Bugfix: errors in external pillar causes crash instead of report of them (bsc#1068446) - Fix 'user.present' when 'gid_from_name' is set but group does not exist. - Added: * bugfix-the-logic-according-to-the-exact-described-pu.patch * return-error-when-gid_from_name-and-group-does-not-e.patch - Fix "No service execution module loaded" issue (bsc#1065792) - Set SHELL environment variable Added: * fix-bsc-1065792.patch * set-shell-environment-variable-64.patch - Removed unnecessary logging on shutdown (bsc#1050003) - Renamed patch that adds grain fqdns Changed: * catching-error-when-pidfile-cannot-be-deleted Removed: * fix-for-pidfile-removal-logging Renamed: * add-fqdns-grains -> feat-add-grain-for-all-fqdns OBS-URL: https://build.opensuse.org/request/show/569868 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=107 2018-01-26 14:46:21 +01:00			`Subject: [PATCH] Run salt master as dedicated salt user`
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Added: * run-salt-master-as-dedicated-salt-user.patch * run-salt-api-as-user-salt-bsc-1064520.patch OBS-URL: https://build.opensuse.org/request/show/546088 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=101 2017-11-27 18:18:19 +01:00
			`* Minion runs always as a root`
			`---`
			`conf/master \| 3 ++-`
			`pkg/salt-common.logrotate \| 2 ++`
			`2 files changed, 4 insertions(+), 1 deletion(-)`

			`diff --git a/conf/master b/conf/master`
Accepting request 581002 from systemsmanagement:saltstack:testing - Remove salt-minion python2 requirement when python3 is default (bsc#1081592) - Remove-obsolete-unicode-handling-in-pkg.info_installed - Added: * remove-obsolete-unicode-handling-in-pkg.info_install.patch - Update to salt-2018.1.99 - Modified: * activate-all-beacons-sources-config-pillar-grains.patch * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch * feat-add-grain-for-all-fqdns.patch * fix-bsc-1065792.patch * list_pkgs-add-parameter-for-returned-attribute-selec.patch * run-salt-api-as-user-salt-bsc-1064520.patch * run-salt-master-as-dedicated-salt-user.patch - Deleted: * python3-compatibility-fix-got-bytes-instead-of-strin.patch * enable-with-salt-version-parameter-for-setup.py-scri.patch * catching-error-when-pidfile-cannot-be-deleted.patch * bugfix-always-return-a-string-list-on-unknown-job-ta.patch * bugfix-the-logic-according-to-the-exact-described-pu.patch * cherrypy-read-reads-bytes-from-the-wire-and-write-th.patch * fix-for-delete_deployment-in-kubernetes-module.patch * fix-salt-master-for-old-psutil.patch * introduce-process_count_max-minion-configuration-par.patch * multiprocessing-minion-option-documentation-fixes.patch * older-logrotate-need-su-directive.patch * return-error-when-gid_from_name-and-group-does-not-e.patch * set-shell-environment-variable-64.patch * split-only-strings-if-they-are-such.patch OBS-URL: https://build.opensuse.org/request/show/581002 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=112 2018-02-28 16:27:22 +01:00			`index 986898436a..8461101210 100644`
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Added: * run-salt-master-as-dedicated-salt-user.patch * run-salt-api-as-user-salt-bsc-1064520.patch OBS-URL: https://build.opensuse.org/request/show/546088 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=101 2017-11-27 18:18:19 +01:00			`--- a/conf/master`
			`+++ b/conf/master`
			`@@ -25,7 +25,8 @@`
			`# permissions to allow the specified user to run the master. The exception is`
			`# the job cache, which must be deleted if this user is changed. If the`
			`# modified files cause conflicts, set verify_env to False.`
			`-#user: root`
			`+user: salt`
			`+syndic_user: salt`

			`# The port used by the communication interface. The ret (return) port is the`
			`# interface used for the file server, authentication, job returns, etc.`
			`diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate`
			`index 3cd002308e..0d99d1b801 100644`
			`--- a/pkg/salt-common.logrotate`
			`+++ b/pkg/salt-common.logrotate`
			`@@ -1,4 +1,5 @@`
			`/var/log/salt/master {`
			`+ su salt salt`
			`weekly`
			`missingok`
			`rotate 7`
			`@@ -15,6 +16,7 @@`
			`}`

			`/var/log/salt/key {`
			`+ su salt salt`
			`weekly`
			`missingok`
			`rotate 7`
			`--`
Accepting request 586784 from systemsmanagement:saltstack:testing - Update patches - Modified: * run-salt-master-as-dedicated-salt-user.patch * run-salt-api-as-user-salt-bsc-1064520.patch * fix-openscap-push.patch * fix-cp.push-empty-file.patch * avoid-excessive-syslogging-by-watchdog-cronjob-58.patch * feat-add-grain-for-all-fqdns.patch * fix-bsc-1065792.patch * move-log_file-option-to-changeable-defaults.patch * activate-all-beacons-sources-config-pillar-grains.patch * remove-obsolete-unicode-handling-in-pkg.info_install.patch - Removed: * salt-ssh-fix-json-load-of-return-data-when-it-contai.patch ------------------------------------------------------------------- - Update cp.push patch - Modified: * fix-cp.push-empty-file.patch * salt-ssh-fix-json-load-of-return-data-when-it-contai.patch - force re-generate a new thin.tgz when an update gets installed - fix salt-ssh with a different patch - remove: dumps-should-return-unicode-also-with-py2-to-prevent.patch - added: salt-ssh-fix-json-load-of-return-data-when-it-contai.patch - Added: OBS-URL: https://build.opensuse.org/request/show/586784 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=115 2018-03-19 09:54:13 +01:00			`2.16.2`
Accepting request 569868 from systemsmanagement:saltstack:testing - Fix the usage of custom macros on the spec file. - Fix RES7: different dependency names for python-PyYAML and python-MarkupSafe - Build both python2 and python3 binaries together. - Bugfix: errors in external pillar causes crash instead of report of them (bsc#1068446) - Fix 'user.present' when 'gid_from_name' is set but group does not exist. - Added: * bugfix-the-logic-according-to-the-exact-described-pu.patch * return-error-when-gid_from_name-and-group-does-not-e.patch - Fix "No service execution module loaded" issue (bsc#1065792) - Set SHELL environment variable Added: * fix-bsc-1065792.patch * set-shell-environment-variable-64.patch - Removed unnecessary logging on shutdown (bsc#1050003) - Renamed patch that adds grain fqdns Changed: * catching-error-when-pidfile-cannot-be-deleted Removed: * fix-for-pidfile-removal-logging Renamed: * add-fqdns-grains -> feat-add-grain-for-all-fqdns OBS-URL: https://build.opensuse.org/request/show/569868 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=107 2018-01-26 14:46:21 +01:00
Accepting request 546088 from home:mdinca:branches:systemsmanagement:saltstack - Run salt master as dedicated salt user - Run salt-api as user salt (bsc#1064520) - Added: * run-salt-master-as-dedicated-salt-user.patch * run-salt-api-as-user-salt-bsc-1064520.patch OBS-URL: https://build.opensuse.org/request/show/546088 OBS-URL: https://build.opensuse.org/package/show/systemsmanagement:saltstack/salt?expand=0&rev=101 2017-11-27 18:18:19 +01:00