Paths

Table of Contentst

Allow salt group to run salt-call as root
ClosedPublic
Actions

Authored by dereckson on Apr 28 2017, 16:12.

Tags

None

Referenced Files

	F23903312: D977.id2497.diff
	Sat, Feb 7, 19:55

	F23902514: D977.diff
	Sat, Feb 7, 19:47

	F23894072: D977.id2497.diff
	Sat, Feb 7, 18:19

	F23893862: D977.id2510.diff
	Sat, Feb 7, 18:16

	F23893578: D977.id2498.diff
	Sat, Feb 7, 18:14

	F23889483: D977.id2498.diff
	Sat, Feb 7, 17:28

	F23885313: D977.diff
	Sat, Feb 7, 16:35

	F23862262: D977.diff
	Sat, Feb 7, 08:42

View All Files

Subscribers

None

Details

Reviewers

Sandlayth

Commits

rOPS33c5717c2291: Allow salt group to run salt-call as root

Summary

By default, salt-call runs to the current user. As such, we should
allow to use as root to avoid to first have to touch files/directory,
then to .

Furthermore, it's not convenient to install packages or chown.

Security implication is salt group's members have a root access
to the Salt master too, currently Ysul, in addition to other servers.

Ref. T795.

Test Plan

sudo salt-call --local test.ping

Diff Detail

Repository

rOPS Nasqueron Operations

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

dereckson created this revision.Apr 28 2017, 16:12

Harbormaster completed remote builds in B1522: Diff 2497.Apr 28 2017, 16:12

s/wheel/salt

Harbormaster completed remote builds in B1523: Diff 2498.Apr 28 2017, 16:13

Sandlayth accepted this revision.Apr 28 2017, 20:35

This revision is now accepted and ready to land.Apr 28 2017, 20:35

Closed by commit rOPS33c5717c2291: Allow salt group to run salt-call as root (authored by dereckson, committed by dereckson). · Explain WhyApr 29 2017, 13:51

This revision was automatically updated to reflect the committed changes.

Revision Contents
Changeset List

Path

Size

roles/

saltmaster/

sudo/

files/

salt

2 lines

Diff 2510

View Options

roles/saltmaster/sudo/files/salt

Allow salt group to run salt-call as rootClosedPublicActions