2021-01-08 13:41:50 +01:00
|
|
|
From 88f40fff3b81edaa55f37949f56c67112ca2dcad Mon Sep 17 00:00:00 2001
|
2017-11-27 18:18:19 +01:00
|
|
|
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
|
|
|
|
Date: Wed, 20 Jan 2016 11:01:06 +0100
|
2018-01-26 14:46:21 +01:00
|
|
|
Subject: [PATCH] Run salt master as dedicated salt user
|
2017-11-27 18:18:19 +01:00
|
|
|
|
|
|
|
* Minion runs always as a root
|
|
|
|
---
|
|
|
|
conf/master | 3 ++-
|
|
|
|
pkg/salt-common.logrotate | 2 ++
|
|
|
|
2 files changed, 4 insertions(+), 1 deletion(-)
|
|
|
|
|
|
|
|
diff --git a/conf/master b/conf/master
|
2021-01-08 13:41:50 +01:00
|
|
|
index 41a62f2f34..943c5b5846 100644
|
2017-11-27 18:18:19 +01:00
|
|
|
--- a/conf/master
|
|
|
|
+++ b/conf/master
|
|
|
|
@@ -25,7 +25,8 @@
|
|
|
|
# permissions to allow the specified user to run the master. The exception is
|
|
|
|
# the job cache, which must be deleted if this user is changed. If the
|
|
|
|
# modified files cause conflicts, set verify_env to False.
|
|
|
|
-#user: root
|
|
|
|
+user: salt
|
|
|
|
+syndic_user: salt
|
|
|
|
|
2020-04-07 14:14:01 +02:00
|
|
|
# Tell the master to also use salt-ssh when running commands against minions.
|
|
|
|
#enable_ssh_minions: False
|
2017-11-27 18:18:19 +01:00
|
|
|
diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate
|
2021-01-08 13:41:50 +01:00
|
|
|
index a0306ff370..97d158db18 100644
|
2017-11-27 18:18:19 +01:00
|
|
|
--- a/pkg/salt-common.logrotate
|
|
|
|
+++ b/pkg/salt-common.logrotate
|
|
|
|
@@ -1,4 +1,5 @@
|
|
|
|
/var/log/salt/master {
|
|
|
|
+ su salt salt
|
|
|
|
weekly
|
|
|
|
missingok
|
|
|
|
rotate 7
|
|
|
|
@@ -15,6 +16,7 @@
|
|
|
|
}
|
|
|
|
|
|
|
|
/var/log/salt/key {
|
|
|
|
+ su salt salt
|
|
|
|
weekly
|
|
|
|
missingok
|
|
|
|
rotate 7
|
|
|
|
--
|
2021-01-08 13:41:50 +01:00
|
|
|
2.29.2
|
2018-01-26 14:46:21 +01:00
|
|
|
|
2017-11-27 18:18:19 +01:00
|
|
|
|