Date: Fri, 15 May 2015 23:21:43 +0000 From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 199167] sysutils/py-salt: Run master as non root user Message-ID: <bug-199167-13-AjKPDi9RbG@https.bugs.freebsd.org/bugzilla/> In-Reply-To: <bug-199167-13@https.bugs.freebsd.org/bugzilla/> References: <bug-199167-13@https.bugs.freebsd.org/bugzilla/>
next in thread | previous in thread | raw e-mail | index | archive | help
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199167 jason.unovitch@gmail.com changed: What |Removed |Added ---------------------------------------------------------------------------- CC| |jason.unovitch@gmail.com --- Comment #1 from jason.unovitch@gmail.com --- There is no rc.conf or port changes needed. Simply create a user and update the master config file with a 'user' entry like this. /usr/local/etc/salt/master user: saltmaster If you just installed Salt and haven't started it yet then you should be good. Otherwise you'll need to ensure /var/cache/salt, /var/run/salt, and /var/log/salt are all owned by the right user. User to user, I think as long as policy from Saltstack is to run as root then it doesn't seem to be port's policy to override that default. The second issue you mentioned was closed by the Salt upstream and until Salt's policy changes then a PR to make a user be default doesn't seem warranted. Like you, I don't agree with Saltstack's policy as I think network facing services should be privilege separated by default. Final call goes to the maintainer of course as to close or keep the PR. See http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html Jason -- You are receiving this mail because: You are the assignee for the bug.
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?bug-199167-13-AjKPDi9RbG>