Conversation

@dwoz
Contributor

@dwoz dwoz commented Feb 5, 2026

Fixes #68684

  • Ensure salt-call drops privileges to the configured 'user' to prevent root-owned cache files.
  • Add --priv flag to salt-call for explicit user switching.
  • Update sudo executor to use --priv to maintain sudo_user context.
  • Ensure salt-pip drops privileges to the configured 'user' before package installation.
  • Add unit and integration tests for privilege dropping and file ownership.

@dwoz dwoz requested a review from a team as a code owner February 5, 2026 09:00
@dwoz dwoz added the test:full Run the full test suite label Feb 5, 2026
@dwoz dwoz changed the title from "salt-call and salt-pip honor configured user" to "[wip] salt-call and salt-pip honor configured user" Feb 5, 2026
dwoz added 2 commits February 11, 2026 03:41
The upgrade path was checking /var/run first, which may be tmpfs that
gets cleared or recreated during package operations. This caused the
scriptlet to detect root:root ownership instead of the actual configured
ownership (e.g., salt:salt).

Changes:
- Check persistent directories first: /var/cache then /etc/salt/pki
- Check /var/run last as it may be tmpfs
- Change minion default fallback from salt:salt to root:root (matches
  actual default runtime user for minion)
- Keep master/syndic/api default fallback as salt:salt (correct for them)

This ensures ownership detection uses stable, persistent directories
that won't be affected by tmpfs or package installation side effects.

The previous approach of detecting ownership in %posttrans failed because
RPM had already installed files with root:root (from %defattr) by the time
%posttrans ran.

New approach:
- %pre scriptlet (runs BEFORE files are installed):
  * Detects current ownership from persistent directories
  * Saves to /tmp/.salt-{package}-upgrade-ownership
- %posttrans scriptlet (runs AFTER files are installed):
  * Reads saved ownership from temp file
  * Restores ownership to all directories
  * Cleans up temp file

Applied to all packages: minion, master, syndic, cloud

This ensures ownership is captured before RPM overwrites directories,
then correctly restored after the new files are in place.
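
A sketch of the %pre/%posttrans handoff described in the commit messages above, as an added example that is not the PR's scriptlet code. The function names, the use of numeric uid:gid, and the checks on the saved file are assumptions; the checks are there because /tmp is world-writable and the file's content is passed to `chown -R`.

```shell
#!/bin/sh
# Added example, not the PR's scriptlets. Names, numeric ids and checks are assumptions.

# Print uid:gid of the first directory that exists, else the fallback ($1).
detect_owner() {
    fallback=$1; shift
    for dir in "$@"; do
        if [ -d "$dir" ]; then
            stat -c '%u:%g' "$dir"   # GNU stat; numeric ids avoid name lookups
            return 0
        fi
    done
    printf '%s\n' "$fallback"
}

# %pre side: save_owner STATE FALLBACK DIR...
save_owner() {
    state=$1; shift
    rm -f "$state"   # removes a pre-created file or symlink, never follows it
    # noclobber makes the redirect fail if the path reappears in between
    ( umask 077; set -C; detect_owner "$@" > "$state" )
}

# Trust the state file only if it is a regular file we own with one owner:group line.
valid_state() {
    state=$1
    [ -f "$state" ] && [ ! -L "$state" ] || return 1
    [ "$(stat -c '%u' "$state")" = "$(id -u)" ] || return 1
    [ "$(wc -l < "$state")" -eq 1 ] || return 1
    grep -Eq '^[A-Za-z0-9_][A-Za-z0-9_.-]*:[A-Za-z0-9_][A-Za-z0-9_.-]*$' "$state"
}

# %posttrans side: restore_owner STATE DIR...
restore_owner() {
    state=$1; shift
    if ! valid_state "$state"; then
        rm -f "$state"
        return 1
    fi
    owner=$(cat "$state")
    rm -f "$state"   # clean up before touching any directory
    for dir in "$@"; do
        if [ -d "$dir" ]; then chown -R "$owner" "$dir"; fi
    done
}
```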