etcd fails to start as non-root #219
also
makes sense, according to this security guidance: https://docs.datadoghq.com/security_monitoring/default_rules/cis-kubernetes-1.5.1-1.1.12/
ncopa added a commit that referenced this issue on Oct 26, 2020
We need to create the /var/lib/mke directory early with the correct permissions. Otherwise the directory will be created while creating the etcd datadir, with the etcd data dir permissions, which will make the directory unreadable by the etcd user.

Also set the correct owner of etcd user.

Fixes #219

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
ncopa added a commit that referenced this issue on Oct 28, 2020
We need to create the /var/lib/mke directory early with the correct permissions. Otherwise the directory will be created while creating the etcd datadir, with the etcd data dir permissions, which will make the directory unreadable by the etcd user.

Set the correct owner of etcd directories and files.

Use mode 0751 for certificate root dir. The certificates in this directory need to be accessible from all mke processes, but they don't need to read the contents of the directory.

Fixes #219

Signed-off-by: Natanael Copa <ncopa@mirantis.com>
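The directory-creation problem described in the commit messages above, as an added Go example that is not code from the project: `os.MkdirAll` applies the mode it is given to every missing parent, so creating only the data dir leaves the shared parent private too. The `etcd` and `pki` subdirectory names, the 0755 and 0700 modes, and the temporary base directory standing in for /var/lib are assumptions; changing ownership to the etcd user is left out because it needs root.

```go
package main

import (
	"fmt"
	"os"
)

// 0751 is the mode from the commit message; 0755 and 0700 are assumed values.
// The subdirectory names "etcd" and "pki" used below are assumptions as well.
const rootMode, dataMode, certMode os.FileMode = 0o755, 0o700, 0o751

func check(err error) {
	if err != nil {
		panic(err)
	}
}

func perm(path string) os.FileMode {
	fi, err := os.Stat(path)
	check(err)
	return fi.Mode().Perm()
}

// mkdir creates path, then chmods it so the umask cannot alter the mode.
func mkdir(path string, mode os.FileMode) os.FileMode {
	check(os.MkdirAll(path, mode))
	check(os.Chmod(path, mode))
	return perm(path)
}

// naiveLayout: MkdirAll gives each missing parent the data dir's mode too.
func naiveLayout(base string) (parent, data os.FileMode) {
	root := base + "/mke"
	check(os.MkdirAll(root+"/etcd", dataMode))
	return perm(root), perm(root + "/etcd")
}

// fixedLayout creates the parent first, then each child with its own mode.
func fixedLayout(base string) (parent, data, pki os.FileMode) {
	root := base + "/mke"
	return mkdir(root, rootMode), mkdir(root+"/etcd", dataMode), mkdir(root+"/pki", certMode)
}

func main() {
	base, err := os.MkdirTemp("", "layout")
	check(err)
	defer os.RemoveAll(base)
	fmt.Println(naiveLayout(base + "/naive"))
	fmt.Println(fixedLayout(base + "/fixed"))
}
```

In the fixed layout the certificate root keeps the execute bit for others but not the read bit, so a process that knows a certificate's path can open it without being able to list the directory.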
etcd fails to start if there is a system user etcd on system, due to wrong permissions:
I think the perms are wrong on both the directory and the binary: