Paths

Table of Contentst

Allow salt group to run salt-call as root
ClosedPublic
Actions

Authored by dereckson on Apr 28 2017, 16:12.

Tags

None

Referenced Files

	F10338713: D977.diff
	Mon, Jun 30, 13:35

	Unknown Object (File)
	Sun, Jun 29, 10:44

	Unknown Object (File)
	Sat, Jun 28, 18:08

	Unknown Object (File)
	Fri, Jun 27, 11:32

	Unknown Object (File)
	Wed, Jun 25, 05:09

	Unknown Object (File)
	Sun, Jun 22, 17:19

	Unknown Object (File)
	Sun, Jun 22, 15:24

	Unknown Object (File)
	Sun, Jun 15, 14:22

View All Files

Subscribers

None

Details

Reviewers

Sandlayth

Commits

rOPS33c5717c2291: Allow salt group to run salt-call as root

Summary

By default, salt-call runs to the current user. As such, we should
allow to use as root to avoid to first have to touch files/directory,
then to .

Furthermore, it's not convenient to install packages or chown.

Security implication is salt group's members have a root access
to the Salt master too, currently Ysul, in addition to other servers.

Ref. T795.

Test Plan

sudo salt-call --local test.ping

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson created this revision.Apr 28 2017, 16:12

Harbormaster completed remote builds in B1522: Diff 2497.Apr 28 2017, 16:12

s/wheel/salt

Harbormaster completed remote builds in B1523: Diff 2498.Apr 28 2017, 16:13

Sandlayth accepted this revision.Apr 28 2017, 20:35

This revision is now accepted and ready to land.Apr 28 2017, 20:35

Closed by commit rOPS33c5717c2291: Allow salt group to run salt-call as root (authored by dereckson, committed by dereckson). · Explain WhyApr 29 2017, 13:51

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

roles/

saltmaster/

sudo/

files/

salt

2 lines

Diff 2510

View Options

roles/saltmaster/sudo/files/salt

Allow salt group to run salt-call as rootClosedPublicActions