michaeljmarshall opened a new issue #8751: URL: https://github.com/apache/pulsar/issues/8751
**Is your enhancement request related to a problem? Please describe.** The image produced by pulsar unnecessarily runs as the root user. My company requires applications to run with the least privilege necessary, and the current pulsar docker images do not comply with that policy. **Describe the solution you'd like** Given that pulsar only needs privileges to read/write to/from certain directories, the [Dockerfile](https://github.com/apache/pulsar/blob/master/docker/pulsar/Dockerfile) should add a user with the appropriate level of permission, `chown` the appropriate directories, and then run as that user. **Describe alternatives you've considered** I don't see an alternative--Pulsar does not _need_ root privileges. **Additional context** Note that I want to deploy pulsar on a kubernetes cluster that has a pod security policy that prevents applications from running as root. Given that it is a good security principal to give applications the least permission possible, I see this enhancement as a way to make pulsar more secure and more easy to adopt for other organizations. ---------------------------------------------------------------- This is an automated message from the Apache Git Service. To respond to the message, please log on to GitHub and use the URL above to go to the specific comment. For queries about this service, please contact Infrastructure at: [email protected]
