[Bug 199167] sysutils/py-salt: Run master as non root user
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri May 15 23:21:43 UTC 2015
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199167
jason.unovitch at gmail.com changed:
What |Removed |Added
----------------------------------------------------------------------------
CC| |jason.unovitch at gmail.com
--- Comment #1 from jason.unovitch at gmail.com ---
There is no rc.conf or port changes needed. Simply create a user and update
the master config file with a 'user' entry like this.
/usr/local/etc/salt/master
user: saltmaster
If you just installed Salt and haven't started it yet then you should be good.
Otherwise you'll need to ensure /var/cache/salt, /var/run/salt, and
/var/log/salt are all owned by the right user.
User to user, I think as long as policy from Saltstack is to run as root then
it doesn't seem to be port's policy to override that default. The second issue
you mentioned was closed by the Salt upstream and until Salt's policy changes
then a PR to make a user be default doesn't seem warranted. Like you, I don't
agree with Saltstack's policy as I think network facing services should be
privilege separated by default. Final call goes to the maintainer of course as
to close or keep the PR.
See http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
Jason
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-ports-bugs
mailing list