mirror of
https://github.com/valitydev/salt.git
synced 2024-11-08 01:18:58 +00:00
The .salt directory should be owned by the ssh login user
Since the ssh login user is used to drop the deployment file they need write permissions, and since the login user can sudo they have rights to manage the salt runs. When salt runs as root it will still have access to said files. We still need more validation around the integrety of the passed files
This commit is contained in:
parent
c33049d438
commit
aa4bb77ef2
@ -79,7 +79,7 @@ SSH_SHIM = '''/bin/sh << 'EOF'
|
||||
exit 1
|
||||
fi
|
||||
echo "{1}"
|
||||
{{0}} install -m 1777 -d /tmp/.salt
|
||||
install -m 1700 -d /tmp/.salt
|
||||
echo "deploy"
|
||||
exit 1
|
||||
fi
|
||||
|
Loading…
Reference in New Issue
Block a user