User salt user/group for running salt-master

2025-04-15 09:10:20 +00:00 · 2023-04-06 13:21:30 -06:00 · 2023-04-06 13:21:30 -06:00 · 9d259f37d9
commit 9d259f37d9
parent d165b320b1
3 changed files with 9 additions and 2 deletions
--- a/conf/master
+++ b/conf/master
@ -25,7 +25,7 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+#user: salt

 # Tell the master to also use salt-ssh when running commands against minions.
 #enable_ssh_minions: False
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@ -320,6 +320,13 @@ rm -rf %{buildroot}
 %{_bindir}/salt-ssh
 %config(noreplace) %{_sysconfdir}/salt/roster

+# Add salt user/group for Salt Master
+%pre master
+getent group salt >/dev/null || groupadd -r salt
+getent passwd salt >/dev/null || \
+    #useradd -r -g salt -d HOMEDIR -s /sbin/nologin \
+    useradd -r -g salt -s /sbin/nologin \
+    -c "Salt user for Salt Master" salt

 # assumes systemd for RHEL 7 & 8 & 9
 %preun master
--- a/salt/config/init.py
+++ b/salt/config/init.py
@ -75,7 +75,7 @@ else:
    _DFLT_IPC_MODE = "ipc"
    _DFLT_FQDNS_GRAINS = False
    _MASTER_TRIES = 1
-    _MASTER_USER = salt.utils.user.get_user()
+    _MASTER_USER = "salt"


 def _gather_buffer_space():