From 9d259f37d9cbd0acb84f39ce5bdaf350d8cb5c4e Mon Sep 17 00:00:00 2001
From: Megan Wilhite <mwilhite@vmware.com>
Date: Thu, 6 Apr 2023 13:21:30 -0600
Subject: [PATCH] User salt user/group for running salt-master

---
 conf/master             | 2 +-
 pkg/rpm/salt.spec       | 7 +++++++
 salt/config/__init__.py | 2 +-
 3 files changed, 9 insertions(+), 2 deletions(-)

diff --git a/conf/master b/conf/master
index f542051d762..404976fb9db 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,7 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+#user: salt
 
 # Tell the master to also use salt-ssh when running commands against minions.
 #enable_ssh_minions: False
diff --git a/pkg/rpm/salt.spec b/pkg/rpm/salt.spec
index f644c404c95..08610ad73a6 100644
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@@ -320,6 +320,13 @@ rm -rf %{buildroot}
 %{_bindir}/salt-ssh
 %config(noreplace) %{_sysconfdir}/salt/roster
 
+# Add salt user/group for Salt Master
+%pre master
+getent group salt >/dev/null || groupadd -r salt
+getent passwd salt >/dev/null || \
+    #useradd -r -g salt -d HOMEDIR -s /sbin/nologin \
+    useradd -r -g salt -s /sbin/nologin \
+    -c "Salt user for Salt Master" salt
 
 # assumes systemd for RHEL 7 & 8 & 9
 %preun master
diff --git a/salt/config/__init__.py b/salt/config/__init__.py
index 16326634749..f8d48c9ecc1 100644
--- a/salt/config/__init__.py
+++ b/salt/config/__init__.py
@@ -75,7 +75,7 @@ else:
     _DFLT_IPC_MODE = "ipc"
     _DFLT_FQDNS_GRAINS = False
     _MASTER_TRIES = 1
-    _MASTER_USER = salt.utils.user.get_user()
+    _MASTER_USER = "salt"
 
 
 def _gather_buffer_space():