2
0

Adjust minion PKI permissions

Needed for non-root Syndic operation.

Signed-off-by: Georg Pfuetzenreuter <mail@georg-pfuetzenreuter.net>
This commit is contained in:
Georg Pfuetzenreuter 2023-02-01 22:48:16 +01:00
parent 2a7a9decee
commit 1c0551755f
Signed by: Georg
GPG Key ID: 1ED2F138E7E6FF57

View File

@ -220,14 +220,16 @@ salt-minion-pki-dir:
- name: {{ salt_settings.config_path | path_join('pki', 'minion') }}
{% endif %}
- user: {{ salt_settings.rootuser }}
- group:
- group: salt
{#
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel
{%- else %}
{{ salt_settings.rootgroup }}
{%- endif %}
#}
{%- if grains['kernel'] != 'Windows' %}
- mode: 700
- mode: 750
{% endif %}
- makedirs: True
@ -239,14 +241,16 @@ permissions-minion.pem:
- name: {{ salt_settings.config_path | path_join('pki', 'minion', 'minion.pem') }}
{% endif %}
- user: {{ salt_settings.rootuser }}
- group:
- group: salt
{#
{%- if grains['kernel'] in ['FreeBSD', 'OpenBSD', 'NetBSD'] %}
wheel
{%- else %}
{{ salt_settings.rootgroup }}
{%- endif %}
#}
{%- if grains['kernel'] != 'Windows' %}
- mode: 400
- mode: 440
{% endif %}
- replace: False
- require: