[database] make Redis process run as non-root user (#16326)
Why I did it

Running the Redis server as the "root" user is not recommended. It is suggested that the server should be operated by a non-privileged user.

Work item tracking

Microsoft ADO (number only): 15895240

How I did it

Ensure the Redis process is operating under the 'redis' user in supervisord and make redis user own REDIS_DIR inside db container.

How to verify it

Built new image, verify redis process is running as 'redis' user and all containers are up.

Signed-off-by: Mai Bui <maibui@microsoft.com>
parent 84cfc3bc69
commit ff5f46955c
@ -99,4 +99,6 @@ TZ=$(cat /etc/timezone)
|
||||
rm -rf /etc/localtime
|
||||
ln -sf /usr/share/zoneinfo/$TZ /etc/localtime
|
||||
|
||||
chown -R redis:redis $REDIS_DIR
|
||||
|
||||
exec /usr/local/bin/supervisord
|
||||
|
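Review bot: `$REDIS_DIR` is expanded unquoted in `chown -R redis:redis $REDIS_DIR`, and nothing in this hunk checks that it is set or that the chown succeeded before `exec /usr/local/bin/supervisord`. If the variable is empty or the chown fails, the script still starts supervisord and Redis then comes up as the `redis` user against a directory it may not be able to write. Suggest `chown -R redis:redis "$REDIS_DIR"` and exiting with an error when it is unset or the command fails. The recursive chown also runs on every container start, so a one-line comment saying why it is done here rather than at image build time would help the next reader.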
@ -38,6 +38,7 @@ dependent_startup=true
|
||||
{%- endif -%}
|
||||
command=/bin/bash -c "{ [[ -s /var/lib/{{ redis_inst }}/dump.rdb ]] || rm -f /var/lib/{{ redis_inst }}/dump.rdb; } && mkdir -p /var/lib/{{ redis_inst }} && exec /usr/bin/redis-server /etc/redis/redis.conf --bind {{ LOOPBACK_IP }} {{ redis_items['hostname'] }} --port {{ redis_items['port'] }} --unixsocket {{ redis_items['unix_socket_path'] }} --pidfile /var/run/redis/{{ redis_inst }}.pid --dir /var/lib/{{ redis_inst }}"
|
||||
priority=2
|
||||
user=redis
|
||||
autostart=false
|
||||
autorestart=false
|
||||
stdout_logfile=syslog
|
||||
|
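Review bot: `user=redis` applies to the whole `command=` line, so the `rm -f` and `mkdir -p /var/lib/{{ redis_inst }}` in the bash wrapper now run as `redis` too, as do the writes to `--pidfile /var/run/redis/{{ redis_inst }}.pid` and to the `--unixsocket` path. The only ownership change visible in this commit is the chown of `$REDIS_DIR`, so please confirm that `/var/lib/{{ redis_inst }}` (for every instance the template renders), `/var/run/redis` and the directory holding `redis_items['unix_socket_path']` are writable by `redis`; otherwise `mkdir -p` fails and the `&&` chain never reaches `exec /usr/bin/redis-server`. With `autorestart=false` the program would simply stay down, so the verification step should check each rendered instance, not just one.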