Non-root user - permissions for /srv/ directory


Jon Langemak

Mar 8, 2017, 11:18:26 PM
to Salt-users
Hi all - it's been some time since I used salt and now that I'm back at it I've moved from CentOS to Ubuntu.  On CentOS I had logged in as root to do my work (I know) so I never had any issues running salt.  However, now that I'm using Ubuntu I need to sudo just to edit the state files as my normal user.  I don't mind needing to sudo to actually run the states (use the salt command), but the fact that I need to sudo just to edit my state files in /srv/ is rather annoying.  What I'm wondering is if it's OK for me to chown the /srv/ directory over to my user.  I'm hoping that doing so would allow me to edit the state files without having to sudo.

Has anyone done this?  I can't think of a reason not to but I'm also not interested in causing issues with this install.

Thanks for your input

Viet Hung Nguyen

Mar 8, 2017, 11:41:27 PM
to Salt-users
Files do not need to be in /srv. You can configure salt to use them from wherever you want. So you can keep the salt files in your home dir and edit them as normal. Have a look at the file_roots config option.


Pandu Poluan

Mar 9, 2017, 5:34:44 AM
to Salt-users
My salt state & pillar files are all under /srv/salt, and I chown /srv/salt and its children to pepoluan:devops, then chmod 0664 the whole thing. (In addition, I also chmod g+s to make the group ownership sticky)

I also apply setfacl to ensure that new directories and files belong to the devops group.

No problem at all, since root can see EVERYTHING even if a file is mode 0600.

Rgds,
--

BKeep

Mar 9, 2017, 10:02:24 PM
to Salt-users
I do chmod 2770 on the /srv, /srv/salt, etc. directories and set a dev group, which I then add my users to. I also use the SaltStack ACL system so I don't have to use sudo and can run salt .... as myself.
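
Added example, not part of any post in this thread: a POSIX shell script that audits and applies the group-shared layout discussed above (a shared group, setgid directories, default ACLs). Whoever can write the state tree decides what the master hands to minions, so the audit flags anything world-writable; the function names are made up for this example, and /srv/salt and devops in the usage comment are the values mentioned in the thread.

```shell
#!/bin/sh
# Added example: audit and repair a group-shared Salt state tree.
# Assumptions: tree path and group are arguments; nothing here is Salt code.

# Print one finding per line; return 0 when the tree is clean, 1 otherwise.
audit_state_tree() {
    ast_findings="$(
        # Writable by "other": any local account could alter states.
        find "$1" ! -type l -perm -0002 | sed 's/^/world-writable: /'
        # Outside the shared group: teammates cannot edit it.
        find "$1" ! -type l ! -group "$2" | sed 's/^/wrong-group: /'
        # No setgid: children get the creator's primary group instead.
        find "$1" -type d ! -perm -2000 | sed 's/^/no-setgid: /'
        # No group search bit: group members cannot enter the directory.
        find "$1" -type d ! -perm -0010 | sed 's/^/dir-not-traversable: /'
    )"
    [ -z "$ast_findings" ] && return 0
    printf '%s\n' "$ast_findings"
    return 1
}

# Directories 2770, files 0660, everything in the shared group.
apply_state_tree_perms() {
    chgrp -R "$2" "$1"
    find "$1" -type d -exec chmod 2770 {} +
    find "$1" -type f -exec chmod 0660 {} +
    # Default ACLs keep new files group-writable under a 022 umask.
    if command -v setfacl >/dev/null 2>&1; then
        find "$1" -type d -exec setfacl -d -m "g:$2:rwX" {} + 2>/dev/null ||
            echo "note: default ACLs not applied to $1" >&2
    fi
}

# Stand-alone use: ./audit.sh /srv/salt devops
if [ "$#" -eq 2 ]; then
    audit_state_tree "$1" "$2"
fi
```

Run the audit as an unprivileged member of the group; `apply_state_tree_perms` needs enough privilege to chgrp the tree.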

Mircea Ulinic

Mar 10, 2017, 2:29:15 AM
to Salt-users
Hi Jon,

If I have not misunderstood your question, this executor module seems to do what you need:
https://docs.saltstack.com/en/latest/ref/executors/all/salt.executors.sudo.html