关注容器安全!使用普通用户身份跑 Python 进程

以 rabbitmq 为例子,来看看他是用什么用户来跑的!是 root 还是普通用户,还是普通特权用户!

root@taskgen_rabbitmq_host:/proc/1# ps -eo pid,user,group,euser,egroup,cmd
  PID USER     GROUP    EUSER    EGROUP   CMD
    1 rabbitmq rabbitmq rabbitmq rabbitmq /bin/sh /opt/rabbitmq/sbin/rabbitmq-server
   21 rabbitmq rabbitmq rabbitmq rabbitmq /usr/local/lib/erlang/erts-12.2/bin/beam.smp -W w -MBas ageffcbf -MHas ageffcbf -MBlmbcs 512 -MHlmbcs 512 -MMmcs 30 -P 1048576 -t 5000000 -stbt db -zdbbl 128000 -sbwt none -sbwtdcpu none -sbwtdio none -B i -- -root /usr/local/lib/erlang -progname erl -- -home /var/lib/rabb
   29 rabbitmq rabbitmq rabbitmq rabbitmq erl_child_setup 1048576
  163 rabbitmq rabbitmq rabbitmq rabbitmq /usr/local/lib/erlang/erts-12.2/bin/epmd -daemon
  294 rabbitmq rabbitmq rabbitmq rabbitmq inet_gethost 4
  295 rabbitmq rabbitmq rabbitmq rabbitmq inet_gethost 4
 7288 root     root     root     root     bash
 7458 root     root     root     root     ps -eo pid,user,group,euser,egroup,cmd

我们可以看到,userrabbitmq,这个 rabbitmq 有特权吗?

root@taskgen_rabbitmq_host:/proc/1# awk -F: '$3==0 {print $1}' /etc/passwd
root

可以看到,只有一个特权用户,即 rootrabbitmq 没有特权

你可能感兴趣的:(pythondocker)