Martin Emrich
I got it working: A small script _/usr/local/sbin/fix-salt-permissions.sh_ to open the permissions:

````
#!/bin/bash
# wait for salt-master to start and reset permissions
sleep 10
## open up for non-root...
````
@OrangeDog I smell some cynicism here (I am an avid cynic myself, so no worries...). Yes indeed, security-wise, even calling this slippery ground would be a euphemism. The first `chmod`...
Yes, the command is non-recursive, also in the docs. I took a look at /var/cache/salt as a non-root user: The sensitive files (mostly the `data.p` file for each minion) remain...
That was too early... A few hours later, our users (and I) can again no longer use `salt` CLI, all we get is `Authentication error occurred.` After restarting salt-master, it...
@luckylinux as the script runs from the salt-master unit, it is effectively run on every boot. (As all of this just fixes 2/3 of my issues, since then the salt...
@major0 As far as I see it, Salt is already using PAM (and most likely, at least implicitly through libc, NSS). But that's not a silver bullet. If you run...
@major0 As far as I can read the conversation here, the issue is not about checking group membership, but about authenticating users, and for that, the salt master (or rather...
I was just curious: salt indeed loads the actual libpam library, and uses (by default) the pam "login" service: https://github.com/saltstack/salt/blob/master/salt/auth/pam.py#L229 and (at least here on Debian 12), my `/etc/pam.d/login` contains...
Found the cause, described here: https://github.com/linux-pam/linux-pam/issues/112#issuecomment-491193418 tl;dr, as I understand it: Non-root users can only validate **themselves**. So if salt ran as user "salt", only the user "salt" could authenticate via...
I have the same issue, but I am confused now. Isn't the ruler storage also where all the time series for Recording Rules and various state is stored? That would...