docs: mention client can be non-root

I want to strike a balance here:

- On the one hand there are use cases (raw_exec or Docker only) where
  running Nomad clients as an unprivileged user is *preferable.*
- On the other hand running Nomad clients as root is our main and best
  tested environment. So I want to leave that a strong recommendation.
Michael Schurter 2021-01-05 11:08:23 -08:00
parent 70bf5456d3
commit d5b858680b

@ -142,6 +142,8 @@ Nomad servers should be run with the lowest possible permissions. They need
access to their own data directory and the ability to bind to their ports. You
should create a `nomad` user with the minimal set of required privileges.
Nomad clients must be run as `root` due to the OS isolation mechanisms that
require root privileges. The Nomad client's data directory should be owned by
`root` with filesystem permissions set to `0700`.
Nomad clients should be run as `root` due to the OS isolation mechanisms that
require root privileges. While it is possible to run Nomad as an unprivileged
user, careful testing must be done to ensure the task drivers and features
you use function as expected. The Nomad client's data directory should be
owned by `root` with filesystem permissions set to `0700`.
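
Review bot: The final sentence of the rewritten paragraph still requires the client's data directory to be owned by `root` with mode `0700`, which conflicts with the new sentence permitting an unprivileged client: a client process running as a non-root user cannot read or write a `root`-owned `0700` directory. Consider wording it as owned by the user the client runs as, with `root` as the recommended case, and keeping `0700`. The commit message names raw_exec and Docker-only setups as the cases where non-root is preferable; naming them in the docs text would give readers a concrete scope for the "careful testing" the paragraph asks for.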