Hi,
Current issue
In non-root policy environment in Kubernetes cluster (e.g.: OpenShift clusters), it is not possible to run containers as root. Thus cron container, especially packaged in the busybox tools, can not be run at all. Pragmatic related issue: nextcloud/helm#733
How to reproduce the issue
docker run -u 1234 --rm -ti alpine crond -f
crond[1]: crond (busybox 1.37.0) started, log level 8
crond[1]: root: Permission denied
Expected result
So cron usually needs root to be able to read all cron users crontabs. However, given that busybox tools are also largely used in container environment, and to follow non-root best practice, it would be great to have a non-root compatibility mode. This compatibility mode work such that there is no need for cron to have root privilege. For example, to run crond:
would simply read the crontab and run it as the crond user (whether root or not). It will also ignore all the /etc/cron* and /var/spool/cron/crontabs/* files.
As a result this busybox cron would work in most sidecar container such as nextcloud use of crond (nextcloud/helm#733).
Hi,
Current issue
In non-root policy environment in Kubernetes cluster (e.g.: OpenShift clusters), it is not possible to run containers as root. Thus cron container, especially packaged in the busybox tools, can not be run at all. Pragmatic related issue: nextcloud/helm#733
How to reproduce the issue
Expected result
So cron usually needs root to be able to read all cron users crontabs. However, given that busybox tools are also largely used in container environment, and to follow non-root best practice, it would be great to have a non-root compatibility mode. This compatibility mode work such that there is no need for cron to have root privilege. For example, to run crond:
would simply read the crontab and run it as the crond user (whether root or not). It will also ignore all the
/etc/cron*and/var/spool/cron/crontabs/*files.As a result this busybox cron would work in most sidecar container such as nextcloud use of crond (nextcloud/helm#733).