wazuh manager can be run as non-root?

[shashipanduga]

In this repo for build-docker-images, both Indexer and Dashboard containers are set to run as non-root user, while the manager is set to run as root. Wanted to know if manager as well can be run as non-root user at all. In case not feasible, wanted to understand the dependencies here.
Thanks in advance!

[jctello]

Hi @shashipanduga,
Yes, you can run all containers as a non-root user.
As you mention, this is done with the Dockerfile of the Indexer and Dashboards but not for the Wazuh manager.

By adding a non-root user to the docker group as mentioned on the note at the end of the Docker engine installation instructions you may run all containers as a less privileged user.

[shashipanduga]

Hi @jctello ,
Thank you for the quick response.
I am deploying on kubernetes, could not find a way to run manager/server as non-root unfortunately. Tried to run the manager pod as wazuh:wazuh as well, but it fails to start.
In my case I built the docker images for indexer, manager and dashboard using wazuh/wazuh-docker git repo, customized the
wazuh-kubernetes spec per my needs and deploying in my local kubernetes environment.

In the above example you shared, it seems to work to run Docker Daemon itself as non-user, but its not applicable in my case as I understand.

[jctello]

Hi @shashipanduga ,
Given that the containers themselves do not require root then this is not specific to the Wazuh docker containers.
You may define a Security Context for a Pod or Container as explained here: https://kubernetes.io/docs/tasks/configure-pod-container/security-context/
If there's a K8s specific issue then it may be better to create a separate discussion in the wazuh-kubernetes repository where more information is provided around the configuration used.