salt/pkg/suse/README.suse

Salt-master as non-root user
============================

With this version of salt the salt-master will run as salt user.

Why an extra user
=================

While the current setup runs the master as root user, this is considered a security issue
and not in line with the other configuration management tools (eg. puppet) which runs as a
dedicated user. 

How can I undo the change
=========================

If you would like to make the change before you can do the following steps manually:
1. change the user parameter in the master configuration
   user: root
2. update the file permissions:
   as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt
3. restart the salt-master daemon:
   as root: rcsalt-master restart or systemctl restart salt-master

NOTE
====

Running the salt-master daemon as a root user is considers by some a security risk, but
running as root, enables the pam external auth system, as this system needs root access to check authentication.

For more information:
http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html
update suse spec file to 2015.8.1 2015-10-18 10:24:09 +00:00			`Salt-master as non-root user`
			`============================`
updated salt.spec file for suse update 0.15.90 Improved salt init files to match fedora package These could be merged into one. replaced service files for symlinks to match fedora package added README.suse to reflect package names for addition python modules 2013-06-22 06:03:28 +00:00
update suse spec file to 2015.8.1 2015-10-18 10:24:09 +00:00			`With this version of salt the salt-master will run as salt user.`
updated salt.spec file for suse update 0.15.90 Improved salt init files to match fedora package These could be merged into one. replaced service files for symlinks to match fedora package added README.suse to reflect package names for addition python modules 2013-06-22 06:03:28 +00:00
update suse spec file to 2015.8.1 2015-10-18 10:24:09 +00:00			`Why an extra user`
			`=================`

			`While the current setup runs the master as root user, this is considered a security issue`
			`and not in line with the other configuration management tools (eg. puppet) which runs as a`
			`dedicated user.`

			`How can I undo the change`
			`=========================`

			`If you would like to make the change before you can do the following steps manually:`
			`1. change the user parameter in the master configuration`
			`user: root`
			`2. update the file permissions:`
			`as root: chown -R root /etc/salt /var/cache/salt /var/log/salt /var/run/salt`
			`3. restart the salt-master daemon:`
			`as root: rcsalt-master restart or systemctl restart salt-master`

			`NOTE`
			`====`

			`Running the salt-master daemon as a root user is considers by some a security risk, but`
			`running as root, enables the pam external auth system, as this system needs root access to check authentication.`

			`For more information:`
Merge branch '2015.8' into '2016.3' Conflicts: - Contributing.rst - conf/master - doc/index.rst - doc/man/salt.7 - pkg/suse/README.suse - salt/client/ssh/state.py - salt/minion.py - salt/modules/zypper.py - salt/utils/schedule.py - tests/unit/modules/zypper_test.py 2016-03-02 17:26:13 +00:00			`http://docs.saltstack.com/en/latest/ref/configuration/nonroot.html`
updated salt.spec file for suse update 0.15.90 Improved salt init files to match fedora package These could be merged into one. replaced service files for symlinks to match fedora package added README.suse to reflect package names for addition python modules 2013-06-22 06:03:28 +00:00