summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorChristian Poessinger <christian@poessinger.com>2020-04-26 12:00:29 +0200
committerChristian Poessinger <christian@poessinger.com>2020-04-26 12:00:29 +0200
commit8fd8a4cb3226e64421446a50f28b0a010ee77234 (patch)
tree08433f8dea85871437e70c973dfefd1f25df9ca5
parenta26a5a3d7dac6127f8ab2e910f8b88fb8b5d75ec (diff)
downloadvyos-1x-8fd8a4cb3226e64421446a50f28b0a010ee77234.tar.gz
vyos-1x-8fd8a4cb3226e64421446a50f28b0a010ee77234.zip
salt: T2382: run as user minion
-rw-r--r--debian/vyos-1x.postinst21
-rwxr-xr-xsrc/conf_mode/salt-minion.py4
2 files changed, 23 insertions, 2 deletions
diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst
new file mode 100644
index 000000000..a308401ee
--- /dev/null
+++ b/debian/vyos-1x.postinst
@@ -0,0 +1,21 @@
+#!/bin/sh -e
+if ! deb-systemd-helper --quiet was-enabled salt-minion.service; then
+ # Enables the unit on first installation, creates new
+ # symlinks on upgrades if the unit file has changed.
+ deb-systemd-helper disable salt-minion.service >/dev/null || true
+fi
+
+if [ -x "/etc/init.d/salt-minion" ]; then
+ update-rc.d -f salt-minion remove >/dev/null
+fi
+
+# Add minion user for salt-minion
+if ! grep -q '^minion' /etc/passwd; then
+ adduser --quiet --firstuid 100 --system --disabled-login --ingroup vyattacfg --gecos "salt minion user" --shell /bin/vbash minion
+ adduser --quiet minion frrvty
+ adduser --quiet minion sudo
+ adduser --quiet minion adm
+ adduser --quiet minion dip
+ adduser --quiet minion disk
+ adduser --quiet minion users
+fi
diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py
index 515019014..dffe7fcd4 100755
--- a/src/conf_mode/salt-minion.py
+++ b/src/conf_mode/salt-minion.py
@@ -33,8 +33,8 @@ default_config_data = {
'hash': 'sha256',
'log_level': 'warning',
'master' : 'salt',
- 'user': 'nobody',
- 'group': 'nogroup',
+ 'user': 'minion',
+ 'group': 'vyattacfg',
'salt_id': gethostname(),
'mine_interval': '60',
'verify_master_pubkey_sign': 'false',