Containers not running as root (Informational) #68

Open
fordth opened this issue Sep 12, 2023 · 2 comments

fordth commented Sep 12, 2023

Dockerfile images that contain something like the following, so that the container is run as a non-root user:
RUN adduser -u 5678 --disabled-password --gecos "" appuser && chown -R appuser /app

This will cause the Kerberos client inside the container to not have access to the TGT created on the host by credentials-fetcher.

saikiranakula-amzn (Collaborator) commented

Hi fordth, was the issue about ticket not getting shared between container and host / ticket not getting updated on renewal?


fordth commented Sep 12, 2023

> Hi fordth, was the issue about ticket not getting shared between container and host / ticket not getting updated on renewal?

It was getting shared, but the TGT file had a -rw------- permission. Since the container was running as non-root, the container couldn't access the contents. Not a bug, but just wanted it to be known that when a container runs as non-root, it couldn't access the TGT file.
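The permission check behind this report, as an added example (not code from credentials-fetcher or from the commenters): it evaluates the POSIX owner/group/other read bits of a ticket file against a container UID such as the 5678 in the Dockerfile line above. The temporary file stands in for the host-created TGT and is constructed for illustration; `can_read`, `audit_ticket` and `demo` are hypothetical helper names.

```python
import os
import stat
import tempfile


def can_read(st_mode, st_uid, st_gid, uid, gids=()):
    """POSIX DAC read check: exactly one class (owner, group, other) applies."""
    if uid == 0:
        return True  # root normally bypasses mode bits via CAP_DAC_OVERRIDE
    if uid == st_uid:
        return bool(st_mode & stat.S_IRUSR)
    if st_gid in gids:
        return bool(st_mode & stat.S_IRGRP)
    return bool(st_mode & stat.S_IROTH)


def audit_ticket(path, uid, gids=()):
    """Report mode and ownership of a ticket file and whether `uid` can read it."""
    st = os.stat(path)
    return {
        "mode": stat.filemode(st.st_mode),
        "owner_uid": st.st_uid,
        "owner_gid": st.st_gid,
        "readable": can_read(st.st_mode, st.st_uid, st.st_gid, uid, gids),
    }


def demo():
    """Constructed stand-in for the TGT: a 0600 file audited for a different UID."""
    fd, path = tempfile.mkstemp(prefix="krb5cc_example_")
    os.close(fd)
    try:
        os.chmod(path, 0o600)            # the -rw------- mode from the report
        other_uid = os.getuid() + 1      # any non-root UID that is not the owner
        return audit_ticket(path, other_uid)
    finally:
        os.unlink(path)


if __name__ == "__main__":
    # Root-owned 0600 file seen by the Dockerfile's appuser (uid 5678): denied.
    print("uid 5678 vs root-owned 0600:", can_read(0o100600, 0, 0, 5678, (5678,)))
    print("constructed file:", demo())
```

Running `audit_ticket` against the real ticket path with the container's UID and GIDs shows which permission class applies before the Kerberos client fails inside the container.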
