Bug#690481: Fails to run jobs when salt-master run as non-root

Sun, 14 Oct 2012 12:00:14 -0700 

Package: salt-master
Version: 0.10.1-3
Severity: normal

When run as non-root (salt.salt in my case), and after chown'ing
/var/cache/salt, I cannot execute remote commands. The reason is
that an invocation like

  # salt '*' test.ping

creates e.g. /var/cache/salt/jobs/21/d27b4d159604e99d5727ca6abad0fd
as root. When salt-master now tries to run this job, it fails to
create a moniker in that directory:

  Traceback (most recent call last):
    File "/usr/lib/python2.7/multiprocessing/process.py", line 258, in 
_bootstrap
      self.run()
    File "/usr/lib/python2.7/dist-packages/salt/master.py", line 416, in run
      self.__bind()
    File "/usr/lib/python2.7/dist-packages/salt/master.py", line 354, in __bind
      ret = self.serial.dumps(self._handle_payload(payload))
    File "/usr/lib/python2.7/dist-packages/salt/master.py", line 377, in 
_handle_payload
      'clear': self._handle_clear}[key](load)
    File "/usr/lib/python2.7/dist-packages/salt/master.py", line 384, in 
_handle_clear
      return getattr(self.clear_funcs, load['cmd'])(load)
    File "/usr/lib/python2.7/dist-packages/salt/master.py", line 1122, in 
publish
      open(os.path.join(jid_dir, '.load.p'), 'w+')
  IOError: [Errno 13] Permission denied: 
'/var/cache/salt/jobs/21/d27b4d159604e99d5727ca6abad0fd/.load.p'

I do not quite understand why salt/salt-master are using the
filesystem for IPC instead of the sockets in /tmp/salt-unix, and
what those sockets are for if they are not being used for client
communications.

-- System Information:
Debian Release: wheezy/sid
  APT prefers unstable
  APT policy: (500, 'unstable'), (1, 'experimental')
Architecture: amd64 (x86_64)

Kernel: Linux 3.2.0-3-amd64 (SMP w/8 CPU cores)
Locale: LANG=en_NZ, LC_CTYPE=en_NZ.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/dash


-- 
 .''`.   martin f. krafft <[email protected]>      Related projects:
: :'  :  proud Debian developer               http://debiansystem.info
`. `'`   http://people.debian.org/~madduck    http://vcs-pkg.org
  `-  Debian - when you have better things to do than fixing systems

Attachment: digital_signature_gpg.asc
Description: Digital signature (see http://martin-krafft.net/gpg/sig-policy/999bbcc4/current)

Reply via email to