From owner-freebsd-ports-bugs@FreeBSD.ORG Sat Apr 4 23:33:26 2015 Return-Path: Delivered-To: freebsd-ports-bugs@FreeBSD.org Received: from mx1.freebsd.org (mx1.freebsd.org [8.8.178.115]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by hub.freebsd.org (Postfix) with ESMTPS id 02802735 for ; Sat, 4 Apr 2015 23:33:26 +0000 (UTC) Received: from kenobi.freebsd.org (kenobi.freebsd.org [IPv6:2001:1900:2254:206a::16:76]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (Client did not present a certificate) by mx1.freebsd.org (Postfix) with ESMTPS id DD19AC89 for ; Sat, 4 Apr 2015 23:33:25 +0000 (UTC) Received: from bugs.freebsd.org ([127.0.1.118]) by kenobi.freebsd.org (8.14.9/8.14.9) with ESMTP id t34NXPdq071697 for ; Sat, 4 Apr 2015 23:33:25 GMT (envelope-from bugzilla-noreply@freebsd.org) From: bugzilla-noreply@freebsd.org To: freebsd-ports-bugs@FreeBSD.org Subject: [Bug 199167] sysutils/py-salt: Run master as non root user Date: Sat, 04 Apr 2015 23:33:25 +0000 X-Bugzilla-Reason: AssignedTo X-Bugzilla-Type: new X-Bugzilla-Watch-Reason: None X-Bugzilla-Product: Ports & Packages X-Bugzilla-Component: Individual Port(s) X-Bugzilla-Version: Latest X-Bugzilla-Keywords: X-Bugzilla-Severity: Affects Only Me X-Bugzilla-Who: luca.corti@infinito.it X-Bugzilla-Status: New X-Bugzilla-Priority: --- X-Bugzilla-Assigned-To: freebsd-ports-bugs@FreeBSD.org X-Bugzilla-Target-Milestone: --- X-Bugzilla-Flags: maintainer-feedback? X-Bugzilla-Changed-Fields: bug_id short_desc product version rep_platform op_sys bug_status bug_severity priority component assigned_to reporter cc flagtypes.name Message-ID: Content-Type: text/plain; charset="UTF-8" Content-Transfer-Encoding: 7bit X-Bugzilla-URL: https://bugs.freebsd.org/bugzilla/ Auto-Submitted: auto-generated MIME-Version: 1.0 X-BeenThere: freebsd-ports-bugs@freebsd.org X-Mailman-Version: 2.1.18-1 Precedence: list List-Id: Ports bug reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Sat, 04 Apr 2015 23:33:26 -0000 https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=199167 Bug ID: 199167 Summary: sysutils/py-salt: Run master as non root user Product: Ports & Packages Version: Latest Hardware: Any OS: Any Status: New Severity: Affects Only Me Priority: --- Component: Individual Port(s) Assignee: freebsd-ports-bugs@FreeBSD.org Reporter: luca.corti@infinito.it CC: christer.edwards@gmail.com Flags: maintainer-feedback?(christer.edwards@gmail.com) CC: christer.edwards@gmail.com Hi, This is more of a feature request, but... Salt does no privilege separation and runs as root. For the minion root privileges are needed to perform most of its duties, so this is probably not solvable unless some form of privilege separation is applied upstream. For the master on the other hand, which is a network daemon makes this look quite bad. Fortunately the master supports non-root operation and is probably easy to make it run like that. So, it would be cool to have an option in rc.conf for enabling execution of the master. Ideally, this should be the default. See: https://github.com/saltstack/salt/issues/5249 https://github.com/saltstack/salt/issues/6746 -- You are receiving this mail because: You are the assignee for the bug.