Salt home has world read and execute perms

2025-04-16 09:40:20 +00:00 · 2023-04-30 16:25:03 -07:00 · 2023-04-30 16:25:03 -07:00 · e00031c5e5
commit e00031c5e5
parent 6c66467269
3 changed files with 6 additions and 6 deletions
--- a/pkg/debian/salt-common.preinst
+++ b/pkg/debian/salt-common.preinst
@ -34,8 +34,7 @@ case "$1" in
    if ! dpkg-statoverride --list $SALT_HOME >/dev/null
    then
        chown -R $SALT_USER:$SALT_GROUP $SALT_HOME
-        # Tests fail when we remove world execute 
-        # chmod u=rwx,g=rwx,o= $SALT_HOME
+        chmod u=rwx,g=rwx,o=rx $SALT_HOME
    fi
  ;;
 esac
--- a/pkg/rpm/salt.spec
+++ b/pkg/rpm/salt.spec
@ -402,6 +402,7 @@ chown -R %{_SALT_USER}:%{_SALT_GROUP} %{_SALT_HOME}

 %post
 chown -R %{_SALT_USER}:%{_SALT_GROUP} %{_SALT_HOME}
+chmod u=rwx,g=rwx,o=rx %{_SALT_HOME}
 ln -s -f /opt/saltstack/salt/spm %{_bindir}/spm
 ln -s -f /opt/saltstack/salt/salt-pip %{_bindir}/salt-pip

--- a/pkg/tests/integration/test_salt_user.py
+++ b/pkg/tests/integration/test_salt_user.py
@ -28,8 +28,8 @@ def test_salt_user_home(install_salt):
    """
    Test the correct user is running the Salt Master
    """
-    proc = subprocess.run(["getent", "salt"], check=False, capture=True)
-    assert proc.exitcode() == 0
+    proc = subprocess.run(["getent", "salt"], check=False, capture_output=True)
+    assert proc.returncode == 0
    home = ""
    try:
        home = proc.stdout.decode().split(":")[5]
@ -42,8 +42,8 @@ def test_salt_user_group(install_salt):
    """
    Test the salt user is the salt group
    """
-    proc = subprocess.run(["id", "salt"], check=False, capture=True)
-    assert proc.exitcode() == 0
+    proc = subprocess.run(["id", "salt"], check=False, capture_output=True)
+    assert proc.returncode == 0
    in_group = False
    try:
        for group in proc.stdout.decode().split(" "):