Dominique Leuenberger
b52a481e9c
- Fix issues found around pre_flight_script_args - Added: * prevent-shell-injection-via-pre_flight_script_args-4.patch - Add salt-ssh with Salt Bundle support (venv-salt-minion) (bsc#1182851, bsc#1196432) - Added: * add-salt-ssh-support-with-venv-salt-minion-3004-493.patch - Restrict "state.orchestrate_single" to pass a pillar value if it exists (bsc#1194632) - Added: * state.orchestrate_single-does-not-pass-pillar-none-4.patch OBS-URL: https://build.opensuse.org/request/show/958078 OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/salt?expand=0&rev=126
Salt-master as non-root user ============================ With this version of salt the salt-master will run as salt user. Why an extra user ================= While the current setup runs the master as root user, this is considered a security issue and not in line with the other configuration management tools (eg. puppet) which runs as a dedicated user. How can I undo the change ========================= If you would like to make the change before you can do the following steps manually: 1. change the user parameter in the master configuration user: root 2. update the file permissions: as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt 3. restart the salt-master daemon: as root: rcsalt-master restart or systemctl restart salt-master NOTE ==== Running the salt-master daemon as a root user is considers by some a security risk, but running as root, enables the pam external auth system, as this system needs root access to check authentication. For more information: http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html