From 8fd8a4cb3226e64421446a50f28b0a010ee77234 Mon Sep 17 00:00:00 2001 From: Christian Poessinger Date: Sun, 26 Apr 2020 12:00:29 +0200 Subject: salt: T2382: run as user minion --- debian/vyos-1x.postinst | 21 +++++++++++++++++++++ src/conf_mode/salt-minion.py | 4 ++-- 2 files changed, 23 insertions(+), 2 deletions(-) create mode 100644 debian/vyos-1x.postinst diff --git a/debian/vyos-1x.postinst b/debian/vyos-1x.postinst new file mode 100644 index 000000000..a308401ee --- /dev/null +++ b/debian/vyos-1x.postinst @@ -0,0 +1,21 @@ +#!/bin/sh -e +if ! deb-systemd-helper --quiet was-enabled salt-minion.service; then + # Enables the unit on first installation, creates new + # symlinks on upgrades if the unit file has changed. + deb-systemd-helper disable salt-minion.service >/dev/null || true +fi + +if [ -x "/etc/init.d/salt-minion" ]; then + update-rc.d -f salt-minion remove >/dev/null +fi + +# Add minion user for salt-minion +if ! grep -q '^minion' /etc/passwd; then + adduser --quiet --firstuid 100 --system --disabled-login --ingroup vyattacfg --gecos "salt minion user" --shell /bin/vbash minion + adduser --quiet minion frrvty + adduser --quiet minion sudo + adduser --quiet minion adm + adduser --quiet minion dip + adduser --quiet minion disk + adduser --quiet minion users +fi diff --git a/src/conf_mode/salt-minion.py b/src/conf_mode/salt-minion.py index 515019014..dffe7fcd4 100755 --- a/src/conf_mode/salt-minion.py +++ b/src/conf_mode/salt-minion.py @@ -33,8 +33,8 @@ default_config_data = { 'hash': 'sha256', 'log_level': 'warning', 'master' : 'salt', - 'user': 'nobody', - 'group': 'nogroup', + 'user': 'minion', + 'group': 'vyattacfg', 'salt_id': gethostname(), 'mine_interval': '60', 'verify_master_pubkey_sign': 'false', -- cgit v1.2.3