Saltstack实战配置client_acl

client_acl:
# Allow thatch to execute anything.
thatch:
- .*
# Allow fred to use test and pkg, but only on "web*" minions.
fred:
- web*:
- test.*
- pkg.*

[root@linux-node1 pillar]# vim /etc/salt/master  打开注释并修改用户名
client_acl:
oldboy:
- test.ping
- network.*
[root@linux-node1 pillar]# chmod 755 /var/cache/salt /var/cache/salt/master /var/cache/salt/master/jobs /var/run/salt /var/run/salt/master
[root@linux-node1 pillar]# chmod 777 /var/log/salt/master
[root@linux-node1 pillar]# /etc/init.d/salt-master restart
[root@linux-node1 pillar]# su - oldboy
[oldboy@linux-node1 ~]$ salt '*' test.ping
linux-node2.example.com:
True
linux-node1.example.com:
True
[oldboy@linux-node1 ~]$ salt '*' cmd.run 'w'
Failed to authenticate! This is most likely because this user is not permitted to execute commands, but there is a small possibility that a disk error occurred (check disk/inode usage).