Search code examples
salt-project

Is there a way to use sudo for a salt master just like a minion?

OS: Ubuntu 14.04 LTS Salt Ver: 2015.8.7+ds-1

I don't want to use root as the user for starting the salt stack master. I've followed the instructions for running as another user instead of root:

  • specified the user under the master config
  • changed the permissions to match the user for /etc/salt /var/cache/salt /var/log/salt /var/run/salt

It doesn't work. After a restart, all the permissions under /var/cache/salt is reverted to root and it has issues with running dmidecode. Did I miss something?

Solution

  • I'm using a simple user for running the salt master. I had some troubles with permissions but it is doable. I have dmidecode warnings too but it should not have any impact because it's more a minion job.

    What I did:

    1. Stop salt master
    2. Edit /etc/salt/master to add user: salt parameter, or use a file in /etc/salt/master.d/

    3. Set new owner:

      chown -Rh salt:salt /etc/salt/master \ /etc/salt/master.d \ /var/cache/salt/master \ /srv/salt

    4. Remove access to '/etc/salt/minion.d' directory: issue #29831

      chmod o-rwx /etc/salt/minion.d

    5. Start salt master

    I think that's all.