The .salt directory should be owned by the ssh login user

Since the ssh login user is used to drop the deployment file they need write permissions, and since the login user can sudo they have rights to manage the salt runs. When salt runs as root it will still have access to said files. We still need more validation around the integrety of the passed files
2024-11-08 09:23:56 +00:00 · 2013-10-12 09:57:48 -06:00 · 2013-10-12 09:57:48 -06:00 · aa4bb77ef2
commit aa4bb77ef2
parent c33049d438
1 changed files with 1 additions and 1 deletions
--- a/salt/client/ssh/init.py
+++ b/salt/client/ssh/init.py
@ -79,7 +79,7 @@ SSH_SHIM = '''/bin/sh << 'EOF'
            exit 1
         fi
         echo "{1}"
-         {{0}} install -m 1777 -d /tmp/.salt
+         install -m 1700 -d /tmp/.salt
         echo "deploy"
         exit 1
      fi