salt: Saltstack not working without admin rights
Description of Issue
When I run saltstack with admin rights it works.
But if I run saltstack without admin rights, I have the following issue:
{%- from 'salt/utils/init.jinja' import init with context %} <======================
{%- from 'salt/core/git/map.jinja' import git with context %}
{{ init(git, action='install') }}
Traceback (most recent call last):
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\templates.py", line 394, in render_jinja_tmpl
[...]
---
[CRITICAL] Rendering SLS 'salt:salt/core/git/install' failed: Jinja error: (1314, 'GetNamedSecurityInfo', 'Le client ne dispose pas d\u2019un privilège nécessaire.')
Traceback (most recent call last):
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\templates.py", line 394, in render_jinja_tmpl
output = template.render(**decoded_context)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\jinja2\environment.py", line 1008, in render
return self.environment.handle_exception(exc_info, True)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\jinja2\environment.py", line 780, in handle_exception
reraise(exc_type, exc_value, tb)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\jinja2\_compat.py", line 37, in reraise
raise value.with_traceback(tb)
File "<template>", line 10, in top-level template code
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\jinja.py", line 158, in get_source
self.check_cache(_template)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\jinja.py", line 119, in check_cache
self.cache_file(template)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\jinja.py", line 112, in cache_file
self.file_client().get_file(saltpath, '', True, self.saltenv)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\fileclient.py", line 1227, in get_file
fn_.close()
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\atomicfile.py", line 127, in close
source=self._filename, target=self._tmp_filename)
File "C:\VSCode-Anywhere\Apps\saltstack\bin\lib\site-packages\salt\utils\win_dacl.py", line 2013, in copy_security
source, obj_type_flag, security_flags)
pywintypes.error: (1314, 'GetNamedSecurityInfo', 'Le client ne dispose pas d\u2019un privilège nécessaire.')
GetNamedSecurityInfo needs to be run with admin rights
Steps to Reproduce Issue
I think just importing from a jinja file like this:
{%- from 'xxx/xxx.jinja' import xxx with context %}
Versions Report
Salt Version:
Salt: 2019.2.2
Dependency Versions:
cffi: 1.12.2
cherrypy: 17.4.1
dateutil: 2.8.0
docker-py: Not Installed
gitdb: 2.0.6
gitpython: 2.1.10
ioflo: Not Installed
Jinja2: 2.10.1
libgit2: Not Installed
libnacl: 1.6.1
M2Crypto: Not Installed
Mako: 1.0.7
msgpack-pure: Not Installed
msgpack-python: 0.5.6
mysql-python: Not Installed
pycparser: 2.19
pycrypto: Not Installed
pycryptodome: 3.8.1
pygit2: Not Installed
Python: 3.5.4 (v3.5.4:3f56838, Aug 8 2017, 02:17:05) [MSC v.1900 64 bit (AMD64)]
python-gnupg: 0.4.4
PyYAML: 3.13
PyZMQ: 18.0.1
RAET: Not Installed
smmap: 2.0.5
timelib: 0.2.4
Tornado: 4.5.3
ZMQ: 4.3.1
System Versions:
dist:
locale: cp1252
machine: AMD64
release: 10
system: Windows
version: 10 10.0.18362 SP0 Multiprocessor Free
About this issue
- State: open
- Created 5 years ago
- Comments: 18 (9 by maintainers)
Yes, all rights are good for the minion_cache.
If I edit the function copy_security in the salt\utils\win_dacl.py file like below, it seems to work:
As shown in the error message, GetNamedSecurityInfo requires an admin privilege.
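An added example, not part of the issue thread and not Salt's own code: a least-privilege way to read a file's security information that retries without the SACL when Windows returns error 1314 (ERROR_PRIVILEGE_NOT_HELD). It assumes the failure in the traceback comes from requesting the SACL, which Windows only returns to callers holding SeSecurityPrivilege; `read_security`, `win32_get_info`, `unprivileged_backend` and `FakeWinError` are hypothetical names, and the fake backend is constructed so the logic runs without pywin32.

```python
import sys

# Win32 SECURITY_INFORMATION bits and the error code seen in the traceback.
OWNER_SECURITY_INFORMATION = 0x1
GROUP_SECURITY_INFORMATION = 0x2
DACL_SECURITY_INFORMATION = 0x4
SACL_SECURITY_INFORMATION = 0x8  # reading the SACL needs SeSecurityPrivilege
ERROR_PRIVILEGE_NOT_HELD = 1314
SE_FILE_OBJECT = 1
FULL_COPY = (OWNER_SECURITY_INFORMATION | GROUP_SECURITY_INFORMATION
             | DACL_SECURITY_INFORMATION | SACL_SECURITY_INFORMATION)


def win32_get_info(path, flags):
    """Real backend: only usable on Windows with pywin32 installed."""
    import win32security
    return win32security.GetNamedSecurityInfo(path, SE_FILE_OBJECT, flags)


def read_security(path, flags=FULL_COPY, get_info=win32_get_info):
    """Return (descriptor, flags_used); retry without the SACL on error 1314.

    Any other error, or a 1314 that the SACL bit cannot explain, is re-raised
    so that genuine permission problems stay visible.
    """
    try:
        return get_info(path, flags), flags
    except Exception as exc:  # pywintypes.error carries (code, func, msg) in args
        code = exc.args[0] if exc.args else None
        if code != ERROR_PRIVILEGE_NOT_HELD or not flags & SACL_SECURITY_INFORMATION:
            raise
        reduced = flags & ~SACL_SECURITY_INFORMATION
        return get_info(path, reduced), reduced


class FakeWinError(Exception):
    """Constructed stand-in for pywintypes.error: args = (code, func, msg)."""


def unprivileged_backend(path, flags):
    """Constructed stand-in for a non-admin process: SACL reads are refused."""
    if flags & SACL_SECURITY_INFORMATION:
        raise FakeWinError(ERROR_PRIVILEGE_NOT_HELD, "GetNamedSecurityInfo",
                           "A required privilege is not held by the client.")
    return {"path": path, "flags": flags}


if __name__ == "__main__":
    backend = win32_get_info if sys.platform == "win32" else unprivileged_backend
    target = sys.argv[1] if len(sys.argv) > 1 else "demo.txt"
    _, used = read_security(target, get_info=backend)
    print("security info read with flags 0x%x" % used)
```

A caller that copies the result onto another file should pass the returned flags to the matching set call, so that the target's SACL is left untouched when it could not be read.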