ansible / awx

AWX provides a web-based user interface, REST API, and task engine built on top of Ansible. It is one of the upstream projects for Red Hat Ansible Automation Platform.

Running AWX as non-root user #10648

Open pgaijin66 opened 3 years ago

pgaijin66 commented 3 years ago

Running any Docker container as a root user is considered to be a security risk. Running a container as root invites a lot of security issues, with privilege escalation being one of them; also this

As highlighted here: Looks like people have raised this issue as well.

Could you provide AWX specifications on running AWX as a non-privileged user or specifications where we can apply the principle of least privilege while running AWX properly and securely?

shanemcd commented 3 years ago

Are you on the older Docker install? This definitely shouldn't be the case on the newer Operator-based deployments.

pgaijin66 commented 3 years ago

Sorry for the delayed response. We are using https://hub.docker.com/r/ansible/awx as the base image. AWX is running as part of our docker compose file and not as part of Kubernetes.

ghost commented 2 years ago

@shanemcd I see the user of 1000, but:

podman run -it quay.io/ansible/awx:21.8.0 bash
bash-5.1$ whoami
1000
bash-5.1$ groups
root

Also the awx-operator issue linked above
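Added example, not from the thread or the AWX project: a shell check that reads `/proc/<pid>/status` text and reports the effective uid, membership of gid 0 and the effective capability set, which distinguishes the "uid 1000 but group root" result shown above from a fully unprivileged process. The function names and the sample status text are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit a process identity from /proc/<pid>/status text.
# Uid:/Gid: columns are real, effective, saved, filesystem (see proc(5)).

audit_status() {
    # Reads status text on stdin; prints one finding per line.
    # Exit status: 0 = unprivileged, 1 = something to fix, 2 = bad input.
    awk '
        $1 == "Uid:"    { euid = $3 }
        $1 == "Gid:"    { egid = $3 }
        $1 == "Groups:" { for (i = 2; i <= NF; i++) if ($i == 0) supp = 1 }
        $1 == "CapEff:" { caps = $2 }
        END {
            if (euid == "" || egid == "" || caps == "") {
                print "ERROR status text incomplete"
                exit 2
            }
            bad = 0
            if (euid == 0) { print "FAIL uid=0"; bad = 1 } else { print "OK uid=" euid }
            # gid 0 grants whatever the image leaves group-accessible to root.
            if (egid == 0 || supp) {
                print "WARN member of gid 0 (root group)"; bad = 1
            } else {
                print "OK gid=" egid
            }
            # CapEff is a hex bitmask; all zeros means no effective capabilities.
            if (caps ~ /^0+$/) {
                print "OK no effective capabilities"
            } else {
                print "WARN CapEff=" caps; bad = 1
            }
            exit bad
        }'
}

# Constructed sample mirroring the whoami/groups output quoted above.
sample_status() {
    cat <<'EOF'
Name:   bash
Uid:    1000    1000    1000    1000
Gid:    0       0       0       0
Groups: 0
CapEff: 0000000000000000
EOF
}

# Inside a running container use: audit_status < /proc/self/status
sample_status | audit_status || echo "non-root hardening incomplete"
```

A non-zero exit status makes the function usable as a gate in an image build or CI job.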