Skip to content
Kong Logo | Kong Docs Logo
search
  • We're Hiring!
  • Docs
    • Kong Gateway
    • Kong Konnect
    • Kong Mesh
    • Plugin Hub
    • decK
    • Kubernetes Ingress Controller
    • Insomnia
    • Kuma

    • Docs contribution guidelines
  • Plugin Hub
  • Support
  • Community
  • Kong Academy
Get a Demo Start Free Trial
  • Kong Gateway
  • Kong Konnect
  • Kong Mesh
  • Plugin Hub
  • decK
  • Kubernetes Ingress Controller
  • Insomnia
  • Kuma

  • Docs contribution guidelines
  • 3.3.x (latest)
  • 3.2.x
  • 3.1.x
  • 3.0.x
  • 2.8.x
  • 2.7.x
  • 2.6.x
  • Older Enterprise versions (2.1-2.5)
  • Older OSS versions (2.1-2.5)
  • Archive (pre-2.1)

github-edit-pageEdit this page

report-issueReport an issue

enterprise-switcher-iconSwitch to OSS

On this pageOn this page
  • Prerequisites
  • Run Kong Gateway as the built-in kong user
  • Run Kong Gateway as a custom non-root user
Kong Gateway
3.1.x
  • Home
  • Kong Gateway
  • Production Deployment
  • Running Kong
  • Running Kong as a Non-Root User
You are browsing documentation for an outdated version. See the latest documentation here.

Running Kong as a Non-Root User

After installing Kong Gateway on a GNU/Linux system, you can configure Kong to run as the built-in kong user and group instead of root. This makes the Nginx master and worker processes run as the built-in kong user and group, overriding any settings in the nginx_user configuration property. It is also possible to run Kong as a custom non-root user.

Important: The Nginx master process needs to run as root for Nginx to execute certain actions (for example, to listen on the privileged port 80).

Although running Kong as the kong user and group does provide more security, we advise that a system and network administration evaluation be performed before making this decision. Otherwise, Kong nodes might become unavailable due to insufficient permissions to execute privileged system calls in the operating system.

Prerequisites

Kong Enterprise is installed on one of the following Linux distributions:

  • Amazon Linux 1 or 2
  • RHEL
  • Ubuntu

Run Kong Gateway as the built-in kong user

When Kong Gateway is installed with a package management system such as APT or YUM, a default kong user and a default kong group are created. All the files installed by the package are owned by the kong user and group.

  1. Switch to the built-in kong user:

     su kong
    
  2. Start Kong:

     kong start
    

Run Kong Gateway as a custom non-root user

It is also possible to run Kong as a custom non-root user. Since all the files installed by the Kong Gateway package are owned by the kong group, a user that belongs to that group should be permitted to perform the same operations as the kong user.

  1. Add the user to the kong group

     sudo usermod -aG kong your-user
    
  2. Start Kong:

     kong start
    
Thank you for your feedback.
Was this page useful?
  • Kong
    THE CLOUD CONNECTIVITY COMPANY

    Kong powers reliable digital connections across APIs, hybrid and multi-cloud environments.

    • Company
    • Customers
    • Events
    • Investors
    • Careers Hiring!
    • Partners
    • Press
    • Contact
  • Products
    • Kong Konnect
    • Kong Gateway
    • Kong Mesh
    • Get Started
    • Pricing
  • Resources
    • eBooks
    • Webinars
    • Briefs
    • Blog
    • API Gateway
    • Microservices
  • Open Source
    • Install Kong Gateway
    • Kong Community
    • Kubernetes Ingress
    • Kuma
    • Insomnia
  • Solutions
    • Decentralize
    • Secure & Govern
    • Create a Dev Platform
    • API Gateway
    • Kubernetes
    • Service Mesh
Star
  • Terms•Privacy
© Kong Inc. 2023