Welcome! Log In Create A New Profile

Advanced

Re: openshift-nginx docker image running as non-root

Francis Daly
May 04, 2016 05:52PM
On Wed, May 04, 2016 at 06:25:01PM -0300, Paulo Leal wrote:

Hi there,

Completely untested by me; and I've not used openshift or docker, but:

> I have been playing around with the
> https://github.com/nginxinc/openshift-nginx dockerfile and trying to find
> a way to run run nginx as non-root with openshift/k8/docker.
> I am currently getting the error:
> nginx: [alert] could not open error log file: open()
> "/var/log/nginx/error.log" failed (13: Permission denied)

That says that the user you run as cannot open that file.

ls -ld / /var /var/log /var/log/nginx
ls -l /var/log/nginx/error.log

You may need a "-Z" in there too, if you have some extra security enabled.

Does your user have permission to write the current error.log file;
or to create a new one? If not, do whatever it takes to make that possible.

You do mention some "chmod" commands below, but none that refer to this
directory or file.

> 2016/05/04 20:51:09 [warn] 1#1: the "user" directive makes sense only if
> the master process runs with super-user privileges, ignored in
> /etc/nginx/nginx.conf:5

That is harmless; if you intend to run as non-root, you can remove that
directive from the config file.

> 2016/05/04 20:51:09 [emerg] 1#1: open() "/etc/nginx/conf.d/default.conf"
> failed (13: Permission denied) in /etc/nginx/nginx.conf:33

That suggests that your user can read /etc/nginx/nginx.conf, but cannot
read /etc/nginx/conf.d/default.conf

"ls -ld" or "ls -ldZ" every directory from the root to that one.

Perhaps there is something there that shows why you are blocked.

> I have alredy added to my Dockerfile:
> Run ...
> && chmod 777 /etc/nginx/nginx.conf \
> && chmod 777 /var/run \
> && chmod 777 /etc/nginx/conf.d/default.conf

777 is possibly excessive; but if it works for you, it works. If you
don't have "x" permissions on /etc/nginx/conf.d, though, you probably
won't be able to read the default.conf file within.

> I also run bash on the container and was albe to "cat" the "default.conf"
> and the "nginx.conf" files.

Do you do that as the same user/group that you run nginx as?

Good luck with it,

f
--
Francis Daly francis@daoine.org

_______________________________________________
nginx mailing list
nginx@nginx.org
http://mailman.nginx.org/mailman/listinfo/nginx
Subject Author Posted

openshift-nginx docker image running as non-root

Paulo Leal May 04, 2016 05:26PM

Re: openshift-nginx docker image running as non-root

Francis Daly May 04, 2016 05:52PM

Re: openshift-nginx docker image running as non-root

Aleksandar Lazic May 05, 2016 11:58AM

Re: openshift-nginx docker image running as non-root

Paulo Leal May 05, 2016 01:16PM

Re: openshift-nginx docker image running as non-root

Aleksandar Lazic May 06, 2016 08:12AM



Sorry, only registered users may post in this forum.

Click here to login

Online Users

Guests: 285
Record Number of Users: 8 on April 13, 2023
Record Number of Guests: 421 on December 02, 2018
Powered by nginx      Powered by FreeBSD      PHP Powered      Powered by MariaDB      ipv6 ready