Paths

Table of Contentst

Allow salt group to run salt-call as root
ClosedPublic
Actions

Authored by dereckson on Apr 28 2017, 16:12.

Tags

None

Referenced Files

	F12339219: D977.id2510.diff
	Sun, Oct 26, 11:38

	F12339215: D977.id2498.diff
	Sun, Oct 26, 11:38

	F12338062: D977.id2497.diff
	Sun, Oct 26, 04:40

	F12337715: D977.id2510.diff
	Sun, Oct 26, 03:24

	Unknown Object (File)
	Sat, Oct 25, 06:18

	Unknown Object (File)
	Wed, Oct 22, 01:22

	Unknown Object (File)
	Mon, Oct 20, 13:52

	Unknown Object (File)
	Mon, Oct 20, 13:40

View All Files

Subscribers

None

Details

Reviewers

Sandlayth

Commits

rOPS33c5717c2291: Allow salt group to run salt-call as root

Summary

By default, salt-call runs to the current user. As such, we should
allow to use as root to avoid to first have to touch files/directory,
then to .

Furthermore, it's not convenient to install packages or chown.

Security implication is salt group's members have a root access
to the Salt master too, currently Ysul, in addition to other servers.

Ref. T795.

Test Plan

sudo salt-call --local test.ping

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson created this revision.Apr 28 2017, 16:12

Harbormaster completed remote builds in B1522: Diff 2497.Apr 28 2017, 16:12

s/wheel/salt

Harbormaster completed remote builds in B1523: Diff 2498.Apr 28 2017, 16:13

Sandlayth accepted this revision.Apr 28 2017, 20:35

This revision is now accepted and ready to land.Apr 28 2017, 20:35

Closed by commit rOPS33c5717c2291: Allow salt group to run salt-call as root (authored by dereckson, committed by dereckson). · Explain WhyApr 29 2017, 13:51

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

roles/

saltmaster/

sudo/

files/

salt

2 lines

Diff 2510

View Options

roles/saltmaster/sudo/files/salt

Allow salt group to run salt-call as rootClosedPublicActions