Investigate what user Krane processes should run as #19

Open
david-castaneda opened this issue Aug 24, 2020 · 2 comments
Labels
security Something looks like a security risk
david-castaneda commented Aug 24, 2020

Currently, Krane processes run as root. We should investigate and document what the best roles for these types of processes should be. Maybe it's root?

@david-castaneda david-castaneda added enhancement New feature or request security Something looks like a security risk and removed enhancement New feature or request labels Aug 24, 2020
@david-castaneda david-castaneda added this to To do in Krane Aug 24, 2020
@david-castaneda david-castaneda added this to the 0.5.0 milestone Aug 24, 2020
Krane automation moved this from To do to Done Dec 7, 2020
@jalvarado91

So is it root? Could look at how nginx is recommended to be installed.

david-castaneda commented Dec 8, 2020

@jalvarado91 Probably shouldn't run as root.

It could run under the user krane as an unprivileged user. Any dependencies should be pre-defined before startup.

For example, the db directory is currently created by Krane if it doesn't exist (since it's running as root). Instead, the db directory should be defined inside the Dockerfile or an install script, creating it if it doesn't already exist.
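
Added example, not part of the thread and not Krane's own code: an install script that creates the db directory up front, plus a startup preflight that refuses to run as root and fails rather than creating missing state. The db path `/var/lib/krane/db` and the function names are assumptions made for illustration; only the `krane` user name comes from the comment above.

```shell
#!/bin/sh
# Added example, not Krane's own code. The db path and function names are assumptions.
KRANE_USER="${KRANE_USER:-krane}"                   # account name suggested in the issue
KRANE_DB_DIR="${KRANE_DB_DIR:-/var/lib/krane/db}"   # hypothetical location

# Install time (root): create the service account if it is missing.
ensure_user() {
    id "$1" >/dev/null 2>&1 && return 0
    useradd --system --no-create-home --shell /usr/sbin/nologin "$1"
}

# Install time: create the db directory so the service never has to.
install_db_dir() {
    dir="$1"; owner="$2"
    mkdir -p "$dir" && chmod 0700 "$dir" || return 1
    # When run by a non-root user the directory already belongs to the caller.
    [ "$(id -u)" -ne 0 ] && return 0
    id "$owner" >/dev/null 2>&1 || { echo "no such user: $owner" >&2; return 1; }
    chown "$owner" "$dir"
}

# Startup: refuse to run as root, and fail instead of creating missing state.
# The uid is a parameter (default: current user) so the check can be tested.
preflight() {
    dir="$1"; uid="${2:-$(id -u)}"
    if [ "$uid" -eq 0 ]; then
        echo "refusing to start as root" >&2; return 2
    fi
    if [ ! -d "$dir" ]; then
        echo "$dir is missing; create it at install time" >&2; return 3
    fi
    if [ ! -w "$dir" ]; then
        echo "$dir is not writable by the current user" >&2; return 4
    fi
    return 0
}

# Usage: script install (as root, e.g. from a Dockerfile RUN step)
#        script preflight (as the service user, before starting the daemon)
case "${1:-}" in
    install)   ensure_user "$KRANE_USER" && install_db_dir "$KRANE_DB_DIR" "$KRANE_USER" ;;
    preflight) preflight "$KRANE_DB_DIR" ;;
esac
```
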
