st2auth should run as root

[martijn-dekkers]

as per https://stackstorm-community.slack.com/archives/community/p1456739781004524
st2auth should run as root to work with PAM

[dennybaa]

@cynaptic-mdekkers hey there. I'm not sure that it's a good idea. Rather than running anything as root there probably should be PAM configuration for st2auth service similar to those other software is using http://linux.die.net/man/5/pam.d.

For example default samba example:

#%PAM-1.0
auth       sufficient   /lib/security/pam_ldap.so
auth       required     /lib/security/pam_unix_auth.so try_first_pass 
account    sufficient   /lib/security/pam_ldap.so
account    required     /lib/security/pam_unix_acct.so

[arm4b]

@dennybaa I guess this is solved via #205 ?

If yes, is it available only in 1.4dev package or ready in 1.3.2 package as well?

[dennybaa]

@armab I don't think it solves the PAM problem, #205 doesn't change that we still run st2auth in the same way as unprivileged user st2.

[karthi81]

I am creating the ssh trust keys then doing lot of stuff(rsync, creating file system, etc using python) and ssh trust keys created under normal user, for example /users/tony/.ssh but when I call the same function via st2 from tony login, then ssh keys are creating under root. I could not figure out that why is creating keys under root user. Can someone help me to understand the issue?

[arm4b]

@karthi81 I guess your issue related to StackStorm/st2#3298.
That's because st2actionrunner service is executed by root.