CIS NGINX container in the AWS Marketplace

 


Product Name

CIS Hardened Images® (AWS)

Product Version

all

Date

Jul 31, 2020



Problem

We are using your Ubuntu NGINX container on the AWS Marketplace and noticed that when running as a non-root user (--user 1000:1000) the container won't start due to it trying to access the NGINX config.

Do you have a method for running this as non-root and read-only?

Solution

  • You can connect to the Docker daemon as any user (root or non-root) as long as the user is a member of the docker group. Ensure that the user is in that group; if the error still persists, run the following command:

sudo chown username:username /home/username/.docker -R

  • This ensures that user 1000:1000 owns the default .docker directory. To make sure the permissions on it are correct, you can run:

sudo chmod g+rwx "/home/username/.docker" -R
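
To confirm the result of the two commands above, the following shell functions check docker group membership and list every path under the .docker directory that is still not owned by the user or lacks group rwx. This is an added example, not part of the CIS article; the function names are illustrative and `username` is the same placeholder used above.

```shell
#!/bin/sh
# Added example: audit the state the chown/chmod steps are meant to produce.
# usage: audit_docker_dir username [directory]

# in_group USER GROUP: succeeds if USER is a member of GROUP.
in_group() {
    id -nG "$1" 2>/dev/null | tr ' ' '\n' | grep -qx "$2"
}

# bad_entries DIR OWNER: print each path under DIR that is not owned by
# OWNER or is missing any of the group r/w/x bits (octal 070), i.e. the
# paths the chown -R / chmod -R g+rwx commands would still change.
bad_entries() {
    find "$1" \( ! -user "$2" -o ! -perm -070 \) -print
}

# audit_docker_dir USER [DIR]: returns 0 only if every check passes.
audit_docker_dir() {
    user=$1
    dir=${2:-/home/$user/.docker}
    status=0

    if ! in_group "$user" docker; then
        echo "FAIL: $user is not a member of the docker group"
        status=1
    fi

    if [ ! -d "$dir" ]; then
        echo "FAIL: $dir does not exist"
        return 1
    fi

    bad=$(bad_entries "$dir" "$user")
    if [ -n "$bad" ]; then
        echo "FAIL: wrong owner or missing group rwx on:"
        echo "$bad"
        status=1
    fi

    [ "$status" -eq 0 ] && echo "OK: $dir is owned by $user with group rwx"
    return "$status"
}
```

Run `audit_docker_dir username` after the chown and chmod steps; a non-zero exit status means at least one path still needs fixing.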

 


 

Copyright © 2020 Center for Internet Security®