Allow salt group to run salt-call as root
ClosedPublic
Actions

Authored by dereckson on Apr 28 2017, 16:12.

Details

Reviewers

Sandlayth

Commits

rOPS33c5717c2291: Allow salt group to run salt-call as root

Summary

By default, salt-call runs to the current user. As such, we should
allow to use as root to avoid to first have to touch files/directory,
then to .

Furthermore, it's not convenient to install packages or chown.

Security implication is salt group's members have a root access
to the Salt master too, currently Ysul, in addition to other servers.

Ref. T795.

Test Plan

sudo salt-call --local test.ping

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Passed

Unit

No Test Coverage

Branch

allow-salt-call-as-root (branched from master)

Build Status

Buildable 1522
Build 1770: arc lint + arc unit

Event Timeline

dereckson created this revision.Apr 28 2017, 16:12

Harbormaster completed remote builds in B1522: Diff 2497.Apr 28 2017, 16:12

s/wheel/salt

Harbormaster completed remote builds in B1523: Diff 2498.Apr 28 2017, 16:13

Sandlayth accepted this revision.Apr 28 2017, 20:35

This revision is now accepted and ready to land.Apr 28 2017, 20:35

Closed by commit rOPS33c5717c2291: Allow salt group to run salt-call as root (authored by dereckson, committed by dereckson). · Explain WhyApr 29 2017, 13:51

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

roles/

saltmaster/

sudo/

files/

salt

2 lines

Diff 2497

View Options

roles/saltmaster/sudo/files/salt

Allow salt group to run salt-call as rootClosedPublicActions