Add chahgelogs for #64141 and #64158

changelog/64141.fixed.md

@@ -0,0 +1 @@
+Make salt user's home /opt/saltstack/salt

changelog/64158.fixed.md

@@ -0,0 +1 @@
+Salt minion runs with salt group permissions

pkg/debian/salt-common.preinst

@@ -17,11 +17,11 @@ case "$1" in
     # 3. create user if not existing
     if ! getent passwd | grep -q "^$SALT_USER:"; then
       echo -n "Adding system user $SALT_USER.."
-      adduser --quiet \
+      useradd --quiet \
               --system \
-              --ingroup $SALT_GROUP \
               --no-create-home \
-              --disabled-password \
+              -s /sbin/nologin
+              -g $SALT_GROUP \
               $SALT_USER 2>/dev/null || true
       echo "..done"
     fi

pkg/rpm/salt.spec

@@ -381,9 +381,9 @@ test -d %{_SALT_HOME} || mkdir -p %{_SALT_HOME}
 # 3. create user if not existing
 #         -g %{_SALT_GROUP} \
 if ! getent passwd | grep -q "^%{_SALT_USER}:"; then
-  adduser --system \
+  useradd --system \
           --no-create-home \
-          -s /sbin/nlogin \
+          -s /sbin/nologin \
           -g %{_SALT_GROUP} \
           %{_SALT_USER} 2>/dev/null || true
 fi

pkg/tests/integration/test_salt_user.py

@@ -28,7 +28,9 @@ def test_salt_user_home(install_salt):
     """
     Test the correct user is running the Salt Master
     """
-    proc = subprocess.run(["getent", "salt"], check=False, capture_output=True)
+    proc = subprocess.run(
+        ["getent", "passwd", "salt"], check=False, capture_output=True
+    )
     assert proc.returncode == 0
     home = ""
     try:
@@ -47,7 +49,7 @@ def test_salt_user_group(install_salt):
     in_group = False
     try:
         for group in proc.stdout.decode().split(" "):
-            if group == "salt":
+            if "salt" in group:
                 in_group = True
     except:
         pass