tg123/sshpiper

The k8s pod doesn't have enough permission

Closed this issue · 2 comments

Hi, I am facing an issue where sshpiper doesn't have enough permission to open the sshpiper_upstream file.
I run sshpiper on Kubernetes. The directory that stores the config files is on a NAS and is mounted at /var/sshpiper using a PV/PVC. When someone wants to access the pod using SSH, sshpiper reports that it doesn't have enough permission to access the config file, so the login is denied.

The logs output by the sshpiper container:

    time="2024-02-21T08:37:45Z" level=error msg="cannot create upstream for 10.90.97.64:23805 (username [r11631025_test]) with password auth: rpc error: code = Unknown desc = open /var/sshpiper/r11631025_test/sshpiper_upstream: permission denied"
    time="2024-02-21T08:38:45Z" level=error msg="cannot create upstream for 10.90.97.64:13146 (username [r11631025_test]) with password auth: rpc error: code = Unknown desc = open /var/sshpiper/r11631025_test/sshpiper_upstream: permission denied"
    time="2024-02-21T08:39:02Z" level=error msg="cannot create upstream for 10.90.97.64:56654 (username [jesse1705819559668]) with password auth: rpc error: code = Unknown desc = /var/sshpiper/jesse1705819559668/sshpiper_upstream's perm is too open"
    time="2024-02-21T08:39:32Z" level=error msg="cannot create upstream for 10.90.97.64:18908 (username [jesse1705819559668]) with password auth: rpc error: code = Unknown desc = open /var/sshpiper/jesse1705819559668/sshpiper_upstream: permission denied"

The permissions of the config files are set as below:

    ├── [drwxrwxrwx root     root    ]  b09611007_berlin
    │   └── [-rw------- root     root    ]  sshpiper_upstream
    ├── [drwxrwxrwx root     root    ]  b09611007_berlin3
    │   └── [-rw------- root     root    ]  sshpiper_upstream
    ├── [drwxrwxrwx root     root    ]  haopingchen_arcface
    │   └── [-rw------- root     root    ]  sshpiper_upstream
    ├── [drwxrwxrwx root     root    ]  jesse1705819559668
    │   └── [-rwx------ root     root    ]  sshpiper_upstream
    ├── [drwxrwxrwx root     root    ]  jonas_gfddgdf
         └── [-rw------- root     root    ]  sshpiper_upstream

Could you please make those files visible to non-root?

#155

Thanks for your advice. I have tried it and it works. Thanks a lot.
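The two errors in the logs above ("permission denied" and "perm is too open") pull in opposite directions, so loosening the file mode trades one for the other. The following is an added example, not code from this thread or from the sshpiper code base: a small Go audit that predicts which error each `sshpiper_upstream` file would produce for a given process UID. It assumes "too open" means any group/other permission bit is set and that this check runs before the file is opened; UID 1000 is a constructed container UID.

```go
package main

import (
	"fmt"
	"io/fs"
	"path/filepath"
	"syscall"
)

// diagnose predicts how a process with procUID fares against one upstream
// file. Assumptions: "too open" means any group/other bit is set, and that
// check runs (via stat) before the file is opened.
func diagnose(perm fs.FileMode, ownerUID, procUID uint32) string {
	switch {
	case perm&0o077 != 0:
		return "perm is too open"
	case procUID == 0: // root bypasses the owner bits (CAP_DAC_OVERRIDE)
		return "ok"
	case ownerUID != procUID || perm&0o400 == 0:
		return "permission denied"
	}
	return "ok"
}

// audit walks root and diagnoses every file named sshpiper_upstream.
func audit(root string, procUID uint32) (map[string]string, error) {
	out := map[string]string{}
	err := filepath.WalkDir(root, func(p string, d fs.DirEntry, err error) error {
		if err != nil || d.IsDir() || d.Name() != "sshpiper_upstream" {
			return err
		}
		info, err := d.Info()
		if err != nil {
			return err
		}
		st, ok := info.Sys().(*syscall.Stat_t)
		if !ok {
			return fmt.Errorf("%s: no owner information on this platform", p)
		}
		out[p] = diagnose(info.Mode().Perm(), st.Uid, procUID)
		return nil
	})
	return out, err
}

func main() {
	// Constructed cases: root-owned 0600, root-owned 0644, UID-owned 0600.
	fmt.Println(diagnose(0o600, 0, 1000), "|", diagnose(0o644, 0, 1000), "|", diagnose(0o600, 1000, 1000))
}
```

Under these assumptions the only state that passes for a non-root process is a file owned by that process's UID with no group/other bits, which means changing ownership (or the pod's UID) rather than widening the mode.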