Welcome to the Linux Foundation Forum!

Practicing skills point 33 review6.yaml

What is the idea behind finding the correct nginx uid and fixing the pod? If I changed the security context to 101(nginx uid) it still fails.

Comments

  • juampynrjuampynr Posts: 2

    I think that it is about setting the uid to root so it can boot. I did set both user and group to 0 (root) and then the pod would run successfully.

  • serewiczserewicz Posts: 803

    Hello,

    Indeed, sometimes changing the UID may be an answer, but then the application running inside the container would fail. As a result you may have to change the security context. Security context may be set via an admission controller, not the developer of the application, which may then conflict with the way the container was configured. As a result one or the other would need to be modified if the goal is to have the pod running.

    Regards,

  • I'm still a bit confused about the answer given above, do they really mean just changing runAsUser to root id=0), that easy.
    Question 33 and 34:
    33. After finding the errors, log into the container and find the proper id of the nginx use.
    34. Edit the pod such that the securityContext is in place and allows the web server to read the proper configuration files.

    Why do they say "find the proper id of the nginx use"? Once I get container running by using root, I see that id of nginx is 101

    Using runAsUser 101 to start pod/container fails with:
    2021/01/16 23:41:41 [warn] 1#1: the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
    nginx: [warn] the "user" directive makes sense only if the master process runs with super-user privileges, ignored in /etc/nginx/nginx.conf:2
    2021/01/16 23:41:41 [emerg] 1#1: mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)
    nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)

    I just want to be sure I understand correctly.
    I hope somebody can clarify this for me.

    Regards,

Sign In or Register to comment.