author | Christian Poessinger <christian@poessinger.com> | 2020-04-26 12:00:29 +0200 |
---|---|---|
committer | Christian Poessinger <christian@poessinger.com> | 2020-04-26 12:00:29 +0200 |
commit | 8fd8a4cb3226e64421446a50f28b0a010ee77234 (patch) | |
tree | 08433f8dea85871437e70c973dfefd1f25df9ca5 | |
parent | a26a5a3d7dac6127f8ab2e910f8b88fb8b5d75ec (diff) | |
salt: T2382: run as user minion
-rw-r--r-- | debian/vyos-1x.postinst | 21 | ||||
-rwxr-xr-x | src/conf_mode/salt-minion.py | 4 |
2 files changed, 23 insertions, 2 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
new file mode 100644
index 000000000..a308401ee
--- /dev/null
+++ b/debian/vyos-1x.postinst
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+if ! deb-systemd-helper --quiet was-enabled salt-minion.service; then
+ # Enables the unit on first installation, creates new
+ # symlinks on upgrades if the unit file has changed.
+ deb-systemd-helper disable salt-minion.service >/dev/null || true
+fi
+
+if [ -x "/etc/init.d/salt-minion" ]; then
+ update-rc.d -f salt-minion remove >/dev/null
+fi
+
+# Add minion user for salt-minion
+if ! grep -q '^minion' /etc/passwd; then
+ adduser --quiet --firstuid 100 --system --disabled-login --ingroup vyattacfg --gecos "salt minion user" --shell /bin/vbash minion
+ adduser --quiet minion frrvty
+ adduser --quiet minion sudo
+ adduser --quiet minion adm
+ adduser --quiet minion dip
+ adduser --quiet minion disk
+ adduser --quiet minion users
+fi
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py
index 515019014..dffe7fcd4 100755
--- a/src/conf_mode/salt-minion.py
+++ b/src/conf_mode/salt-minion.py
@@ -33,8 +33,8 @@ default_config_data = {
 'hash': 'sha256',
 'log_level': 'warning',
 'master' : 'salt',
- 'user': 'nobody',
- 'group': 'nogroup',
+ 'user': 'minion',
+ 'group': 'vyattacfg',
 'salt_id': gethostname(),
 'mine_interval': '60',
 'verify_master_pubkey_sign': 'false',
|
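Review bot: The new `minion` account is added to `sudo`, `disk` and `adm` on top of `vyattacfg`, which is a much wider grant than "run as user minion" suggests. `disk` membership normally allows raw access to block devices, and `sudo` membership typically allows escalation to root, depending on the sudoers policy. If the minion only needs to drive the configuration system, I would keep `--ingroup vyattacfg` plus the groups that are demonstrably required, with a comment above the `adduser` lines saying why each one is needed. Separately, `grep -q '^minion' /etc/passwd` also matches any account whose name merely starts with `minion` and ignores non-file NSS sources; `if ! getent passwd minion >/dev/null; then` is the exact check. The comment in the first block says the unit is enabled, but the command run is `deb-systemd-helper disable`, so one of the two should be corrected.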
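Review bot: The defaults `'user': 'minion'` and `'group': 'vyattacfg'` now depend on an account that only debian/vyos-1x.postinst creates, and nothing in this hunk documents or checks that coupling. A comment such as `# 'minion' is created in debian/vyos-1x.postinst; keep user/group in sync with it` above the two entries would make the dependency visible to the next maintainer. It may also be worth having the script's validation step fail with a clear message when the configured user does not exist, though that code is outside the hunk and may already do so. `default_config_data` starts before and continues after the lines shown.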