Score:0

How could I run PHP-FPM master process as non-root user?

mx flag

I'm trying to achieve rootless PHP-FPM pod running in Kubernetes.

I tried simply running the process in the Kubernetes pod via an init script that does php-fpm -FO as the www-data user, but it complains about not having permission to access /dev/stderr (the log output location). Adding the www-data user to the tty group also didn't help.

I tried specifying another location like /proc/self/fd/2 and even /dev/pts/1 as the log location, but to no avail.

The funny thing is, when I run docker run -itd app:latest su -l www-data -s /bin/sh -c php-fpm -FO &, basically the same startup command via Docker directly, it starts and works just fine.

I don't have any securityContext configured in Kubernetes that could prevent the process from starting normally.

Any suggestions/ideas to try?

Sergiusz avatar
lv flag
Can you share more details? Which node OS and container image are you using?
mx flag
@Sergiusz I use GKE with their Container-Optimized OS (COS) nodes and the php:fpm-alpine image.
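As an added example (not code from the question or the answer): a pod manifest that has the container runtime start the php-fpm master as uid 82 from the outset, instead of starting it as root and switching to www-data with su. It assumes the php:fpm-alpine image, in which www-data is uid/gid 82, and relies on the image's shipped configuration (daemonize = no, error_log = /proc/self/fd/2, listen = 9000 in /usr/local/etc/php-fpm.d/). The pod name and probe are illustrative.

```yaml
# Added example, not from the question or the answer.
# Assumptions: image php:fpm-alpine; www-data is uid/gid 82 there;
# the image's own php-fpm.d/*.conf already logs to /proc/self/fd/2
# and listens on TCP 9000 with daemonize = no.
apiVersion: v1
kind: Pod
metadata:
  name: php-fpm-rootless
spec:
  securityContext:
    runAsNonRoot: true          # kubelet refuses to start the container as uid 0
    runAsUser: 82               # www-data in Alpine (assumed from the image)
    runAsGroup: 82
  containers:
    - name: php-fpm
      image: php:fpm-alpine
      # Keep the image's entrypoint; run the master in the foreground and
      # force worker output to stderr (the same flags as php-fpm -FO).
      args: ["php-fpm", "-F", "-O"]
      ports:
        - containerPort: 9000   # unprivileged port, so no CAP_NET_BIND_SERVICE is needed
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]         # nothing in php-fpm needs a capability once it is non-root
      readinessProbe:
        tcpSocket:
          port: 9000
```

The difference from su is who owns the container's stdio. The runtime (runc under containerd) creates the stdout/stderr pipes for PID 1 and, when the container's process is configured to run as a non-root uid, chowns them to that uid before exec; reopening /proc/self/fd/2 as the error_log then succeeds. With su, PID 1 is root, the pipes stay owned by root, and a path-based open of /dev/stderr or /proc/self/fd/2 by uid 82 is denied; a tty group membership cannot help because a Kubernetes container without tty: true has no pty at all, which is why the docker run -it case behaves differently. To verify: kubectl exec php-fpm-rootless -- id should report uid=82(www-data), and kubectl exec php-fpm-rootless -- stat -L -c '%U:%G %a' /proc/1/fd/2 shows the pipe owned by www-data. Expect one harmless startup warning, "[pool www] 'user' directive is ignored when FPM is not running as root", because the pool's user/group settings only apply when the master can drop privileges itself.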
Score:0
lv flag

If you experience the same error on different public apps, it may indicate an issue with GKE. You can report it via Issue Tracker.
If this error is specific to this app, consider a different logging aggregator, for example the sidecar pattern.
There's more information regarding logging on GKE in this document.
Additionally, if you are using COS with Docker, you should switch to the containerd version, because the former has been deprecated.
