Commit

Apply suggestions from code review
Co-Authored-By: krmayankk <[email protected]>
2 people authored and Mayank Kumar committed Mar 11, 2019
1 parent a67c338 commit 64283ea
Showing 2 changed files with 5 additions and 4 deletions.
2 changes: 1 addition & 1 deletion content/en/docs/reference/glossary/security-context.md
@@ -14,5 +14,5 @@ tags:

<!--more-->

The securityContext field in a {{< glossary_tooltip term_id="pod" >}} (applying to all containers) or container is used to set the user (runAsUser, primary group(runAsGroup) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.
The securityContext field in a {{< glossary_tooltip term_id="pod" >}} (applying to all containers) or container is used to set the user (runAsUser), primary group(runAsGroup) and group (fsGroup), capabilities, privilege settings, and security policies (SELinux/AppArmor/Seccomp) that container processes use.

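Review bot: the added line closes the parenthesis that was missing after `runAsUser`, but `primary group(runAsGroup)` still has no space before its opening parenthesis; suggest `primary group (runAsGroup)` so the three field references read the same way. Consider also putting `securityContext`, `runAsUser`, `runAsGroup` and `fsGroup` in backticks, as the second file in this commit already does for those field names.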
Expand Up @@ -55,8 +55,8 @@ In the configuration file, the `runAsUser` field specifies that for any Containe
the Pod, all processes runs with user ID 1000. The `runAsGroup` field specifies the primary group ID of 3000 for
all processes within any containers of the Pod. If this field is ommitted, the primary group ID of the containers
will be root(0). Any files created will also be owned by user 1000 and group 3000 when `runAsGroup` is specified.
If `fsGroup` field is specified, all processes of the container are also part of the supplementary group ID 2000.
Group ID 2000 is also associated with the volume mounted at `/data/demo` and with any files created in that volume.
Since `fsGroup` field is specified, all processes of the container are also part of the supplementary group ID 2000.
The owner for volume `/data/demo` and any files created in that volume will be Group ID 2000.

Create the Pod:

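Review bot: the new sentence "The owner for volume `/data/demo` and any files created in that volume will be Group ID 2000" conflates user ownership with group ownership; `fsGroup` changes the group, not the owning user, so say so explicitly, e.g. "The volume mounted at `/data/demo` and any files created in it will be group-owned by GID 2000." While editing this paragraph, the unchanged context still reads "all processes runs" and "If this field is ommitted"; those should be "run" and "omitted".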
@@ -131,7 +131,8 @@ $ id
uid=1000 gid=3000 groups=2000
```
You will see that gid is 3000 which is same as `runAsGroup` field. If the `runAsGroup` was ommitted the gid would
remain as 0(root) and the process would continue to run with some root privileges.
remain as 0(root) and the process will be able to interact with files that are owned by root(0) group and has the
required group permissions for root(0) group.

Exit your shell:

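Review bot: in the added lines, "files that are owned by root(0) group and has the required group permissions" should be "files that are group-owned by root (GID 0) and have the required group permissions", since the subject is "files". The replacement is otherwise an improvement over "some root privileges", because it states what a gid of 0 actually grants (group-level access to root-group files) rather than implying root-level privilege; the unchanged context line just above still has "ommitted", which should be "omitted".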