File run-salt-master-as-dedicated-salt-user.patch of Package salt.16897
From 497acb852b0d4519984d981dfefdc0848c3e4159 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Klaus=20K=C3=A4mpf?= <kkaempf@suse.de>
Date: Wed, 20 Jan 2016 11:01:06 +0100
Subject: [PATCH] Run salt master as dedicated salt user
* Minion runs always as a root
---
 conf/master               | 3 ++-
 pkg/salt-common.logrotate | 2 ++
 2 files changed, 4 insertions(+), 1 deletion(-)
diff --git a/conf/master b/conf/master
index ce2e26872a..22a4a7bdb4 100644
--- a/conf/master
+++ b/conf/master
@@ -25,7 +25,8 @@
 # permissions to allow the specified user to run the master. The exception is
 # the job cache, which must be deleted if this user is changed. If the
 # modified files cause conflicts, set verify_env to False.
-#user: root
+user: salt
+syndic_user: salt
 
 # Tell the master to also use salt-ssh when running commands against minions.
 #enable_ssh_minions: False
diff --git a/pkg/salt-common.logrotate b/pkg/salt-common.logrotate
index 3cd002308e..0d99d1b801 100644
--- a/pkg/salt-common.logrotate
+++ b/pkg/salt-common.logrotate
@@ -1,4 +1,5 @@
 /var/log/salt/master {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
@@ -15,6 +16,7 @@
 }
 
 /var/log/salt/key {
+	su salt salt
 	weekly
 	missingok
 	rotate 7
-- 
2.16.4