Hi Antony, On Mon, Feb 12, 2024 at 3:37 PM Mark Reynolds <[email protected]> wrote:
> Forwarding to the correct list.... > > > -------- Forwarded Message -------- > Subject: dscontainer as non root > Date: Mon, 12 Feb 2024 20:01:09 +0530 > From: Antony Jose <[email protected]> <[email protected]> > To: [email protected] > > Hi, > Can we run dscontainer as non root process. I have deployed dscontainer on > k8s cluster as root user. However running as root user is not the best > security practice. Is there a tested way we can reliably run ds389 as non > root user. I tried tweaking security policies to use a non root user. > However, I get errors during dscontainer start up. > dscontainer certainly can run as non-root user, in the doc that you linked there is a securityContext section with runAsUser and fsGroup values that are set to 389, which is dirsrv user. Can you share errors that you get? Thanks. > > Took inspiration from this doc > https://www.port389.org/docs/389ds/howto/howto-deploy-389ds-on-openshift.html > > > Regards > Antony > -- > _______________________________________________ > 389-users mailing list -- [email protected] > To unsubscribe send an email to [email protected] > Fedora Code of Conduct: > https://docs.fedoraproject.org/en-US/project/code-of-conduct/ > List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines > List Archives: > https://lists.fedoraproject.org/archives/list/[email protected] > Do not reply to spam, report it: > https://pagure.io/fedora-infrastructure/new_issue > -- Viktor
-- _______________________________________________ 389-users mailing list -- [email protected] To unsubscribe send an email to [email protected] Fedora Code of Conduct: https://docs.fedoraproject.org/en-US/project/code-of-conduct/ List Guidelines: https://fedoraproject.org/wiki/Mailing_list_guidelines List Archives: https://lists.fedoraproject.org/archives/list/[email protected] Do not reply to spam, report it: https://pagure.io/fedora-infrastructure/new_issue
