Adjust minion PKI permissions

Needed for non-root Syndic operation. Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
2023-02-01 22:48:16 +01:00 · 2023-02-01 22:48:16 +01:00 · 1c0551755f
commit 1c0551755f
parent 2a7a9decee
1 changed files with 8 additions and 4 deletions
--- a/salt/minion.sls
+++ b/salt/minion.sls
@ -220,14 +220,16 @@ salt-minion-pki-dir:
    - name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
 {% endif %}
    - user: {{ salt_settings.rootuser }}
-    - group:
+    - group: salt
+{#
        {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
        wheel
        {%- else %}
        {{ salt_settings.rootgroup }}
        {%- endif %}
+#}
    {%- if grains['kernel'] != 'Windows' %}
-    - mode: 700
+    - mode: 750
    {% endif %}
    - makedirs: True

@ -239,14 +241,16 @@ permissions-minion.pem:
    - name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
 {% endif %}
    - user: {{ salt_settings.rootuser }}
-    - group:
+    - group: salt
+{#
        {%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
        wheel
        {%- else %}
        {{ salt_settings.rootgroup }}
        {%- endif %}
+#}
    {%- if grains['kernel'] != 'Windows' %}
-    - mode: 400
+    - mode: 440
    {% endif %}
    - replace: False
    - require: