Welcome to the Linux Foundation Forum!

Exercise 6.6: Domain Review

Options
pbbhaskar
pbbhaskar Posts: 15
edited February 2021 in LFD259 Class Forum
  1. After finding the errors, log into the container and find the proper id of the nginx user.

Did anyone figure out the proper ID of the nginx user?

Comments

  • serewicz
    serewicz Posts: 1,000
    Options

    Yes.

  • pbbhaskar
    Options

    @serewicz Can you tell me how you figured out the ID? I looked at the container logs. But I did not find any ID there. I finally used runAsUser: 0 (in place of runAsUser: 3000). That worked. But I read on the internet that this is not the best option.

  • levivb
    Options

    any solution to this? It seems one should run id nginx to get the proper id nginx is running under. But you can't execute commands in a container which fails to start in the first place

    me@cp1:~/k8s/lfs$ k exec securityreview -- id nginx
    error: unable to upgrade connection: container not found ("webguy")
    

    or should change the pod command to id nginx, run it once to get the pid, kill the pod, fix the yaml and re-apply?

  • serewicz
    serewicz Posts: 1,000
    Options

    Hello,

    The point of the reviews are to exercise and solidify what you have learned. If you cannot remember the process of looking for information I encourage you to revisit the content. Telling you, and others, what to type undoes the point of a review.

    In general, look at logs. Look at errors. In this case there is an obvious error. Reading and understanding this error should cause you to investigate what caused that error. How do we investigate an error? How would we compare and contrast against something without an error?

    Regards,

  • mkevinmchugh
    Options

    @levivb

    But to answer your question, you need to issue the "id nginx" command... but cannot reach the nginx container in the pod... b/c it isn't started.

    ... you can add busybox
    ... you can look in secondapp

    On my first cycle of RTM (Read The Manual) I did not go past the "ps aux". I suggest you read further down that "extra" reading page. You will find the "id" command... though not in that format (if I recall)

  • headkaze
    headkaze Posts: 15
    edited August 2022
    Options

    Check out this answer on stack overflow

  • marksmit
    marksmit Posts: 10
    Options

    @headkaze
    That is quite some solution and I see what is happening. But to me, it seems rather unrealistic that with the knowledge of the course so far one could come up with such a solution. I think the course should focus on kubernetes, not on nginx specialities. Or am I too narrow-minded then?

    The only solution I can come up with is to remove both securityContext parts. Then the container runs normally but without any security context. I failed to set the security context with the 101 ID.

    It would be nice if the chapter gave some information about the magical Linux user ID numbers. I found https://www.baeldung.com/linux/user-ids-reserved-values and now I know some more.

Categories

Upcoming Training