Unable to run rabbitmqctl utility as a non root or non rabbitmq user. #3240
-
I will convert this issue to a GitHub discussion. Currently GitHub will automatically close and lock the issue even though your question will be transferred and responded to elsewhere. This is to let you know that we do not intend to ignore this but this is how the current GitHub conversion mechanism makes it seem for the users :(
-
@kaushiksrinivas can you please provide some details on how RabbitMQ was provisioned, what you are trying to do and why? The only installation methods that limit some commands to administrative users are the Debian and RPM packages. It is highly unusual to see any of those used on Kubernetes in this day and age.
-
The check is performed by a wrapper script, Besides general practice of limiting administrative tools to certain users (privileged and Modern CLI tools support We are not aware of any such limitations in environments that use the RabbitMQ cluster Operator for Kubernetes.
-
There is always a chance for the RabbitMQ server to run as a user apart from "root" or "rabbitmq", right? In those cases, enforcing these utilities to be run as one of those users still will not help, right? Since the cookie of the actual RabbitMQ server can be stored in the home directory of the user RabbitMQ is run with (not root / not rabbitmq). In those cases, if the cookie is copied to the home directory of the user which is running the CLI tools, that should be enough to solve these problems, right? Instead of binding these tools to run only as the root or rabbitmq user? Please correct me if this understanding is incorrect.
-
We are unable to run the rabbitmqctl tool without being a root user or a rabbitmq user. In our k8s containers, we do not wish to run this utility as root or as the rabbitmq user. When we looked at the contents of this script, there are explicit checks for whether the user is a root user or rabbitmq user; if not, the script just terminates.
What is the reason behind these hard-coded checks, and are there any safe workarounds for this?
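
The cookie condition raised in this thread (the CLI user's home directory must hold the same Erlang cookie as the user the node runs as) can be verified before invoking the CLI tools. This is an added example, not code from the RabbitMQ project or from any participant; the function name `check_cli_cookie`, its exit codes and the file paths passed to it are assumptions.

```shell
#!/bin/sh
# Added example: check that a CLI user's Erlang cookie can authenticate
# against the node, without running the tools as root or rabbitmq.
# Exit codes of check_cli_cookie (hypothetical helper):
#   0  cookie usable
#   1  one of the files is missing or unreadable
#   2  CLI cookie is accessible by group or others
#   3  cookie contents differ from the node's cookie

check_cli_cookie() {
    server_cookie=$1   # cookie of the user the node runs as
    cli_cookie=$2      # cookie in the CLI user's home directory

    [ -r "$server_cookie" ] && [ -r "$cli_cookie" ] || return 1

    # Characters 5-10 of the ls mode string are the group and other bits.
    # The Erlang runtime expects the cookie file to be owner-only, and a
    # wider mode also exposes the shared secret to other local users.
    mode=$(ls -ld "$cli_cookie" | cut -c5-10)
    [ "$mode" = "------" ] || return 2

    # CLI tools authenticate to the node with this shared secret, so the
    # two files must be byte-identical.
    cmp -s "$server_cookie" "$cli_cookie" || return 3

    return 0
}
```

Call it with the node user's cookie file as the first argument and the CLI user's `$HOME/.erlang.cookie` as the second; a non-zero exit code tells you which condition to fix before running the CLI tools.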