SHA256
1
0
forked from pool/salt
salt/run-salt-master-as-dedicated-salt-user.patch

48 lines
1.2 KiB
Diff
Raw Normal View History

From 88f40fff3b81edaa55f37949f56c67112ca2dcad Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 20 Jan 2016 11:01:06 +0100
Subject: [PATCH] Run salt master as dedicated salt user
* Minion runs always as a root
---
conf/master | 3 ++-
pkg/salt-common.logrotate | 2 ++
2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/conf/master b/conf/master
index 41a62f2f34..943c5b5846 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,8 @@
# permissions to allow the specified user to run the master. The exception is
# the job cache, which must be deleted if this user is changed. If the
# modified files cause conflicts, set verify_env to False.
-#user: root
+user: salt
+syndic_user: salt
# Tell the master to also use salt-ssh when running commands against minions.
#enable_ssh_minions: False
diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate
index a0306ff370..97d158db18 100644
--- a/pkg/salt-common.logrotate
+++ b/pkg/salt-common.logrotate
@@ -1,4 +1,5 @@
/var/log/salt/master {
+ su salt salt
weekly
missingok
rotate 7
@@ -15,6 +16,7 @@
}
/var/log/salt/key {
+ su salt salt
weekly
missingok
rotate 7
--
2.29.2