Minion keys don't map to user perms #4287

thatch45 opened this Issue Mar 26, 2013 · 0 comments


None yet

1 participant


When a minion is started as a non-root user the keys are generated the first time as root and then can't read the keys.

I have tracked this issue to a bug in SaltStack which only occurs when
you are doing ALL of the following:
1) This is the very first time you have started up a minion and
no prior authentication with the saltmaster has taken place,
2) You are distributing your Salt modules using the built in
salt command like "salt some-cloud-vm saltutil.sync_modules",
3) You are running the minion as non-root user.

The real cause of the problem is that the minion generates and creates
its key files as root on its first authentication encounter with the
master. It then changes to vroot/oemroot and can no longer read the
private key it previously generated. This problem only manifests itself
with module distribution and not normal salt commands

@thatch45 thatch45 added a commit that closed this issue Apr 27, 2013
@thatch45 thatch45 Fix #4287 55d303d
@thatch45 thatch45 closed this in 55d303d Apr 27, 2013
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment