Page MenuHomeDevCentral

Allow salt group to run salt-call as root
ClosedPublic

Authored by dereckson on Apr 28 2017, 16:12.
Tags
None
Referenced Files
F9558278: D977.id2510.diff
Sat, Jun 7, 11:47
F9553323: D977.diff
Sat, Jun 7, 04:12
Unknown Object (File)
Fri, Jun 6, 09:24
Unknown Object (File)
Sun, Jun 1, 11:32
Unknown Object (File)
Sun, Jun 1, 07:11
Unknown Object (File)
Sun, Jun 1, 03:04
Unknown Object (File)
Sat, May 31, 07:15
Unknown Object (File)
Fri, May 30, 12:30
Subscribers
None

Details

Summary

By default, salt-call runs to the current user. As such, we should
allow to use as root to avoid to first have to touch files/directory,
then to .

Furthermore, it's not convenient to install packages or chown.

Security implication is salt group's members have a root access
to the Salt master too, currently Ysul, in addition to other servers.

Ref. T795.

Test Plan

sudo salt-call --local test.ping

Diff Detail

Repository
rOPS Nasqueron Operations
Lint
Lint Not Applicable
Unit
Tests Not Applicable