Running Kong as a Non-Root User
After installing Kong Gateway on a GNU/Linux system, you can
configure Kong to run as the built-in
kong user and group instead of
This makes the Nginx master and worker processes run as the built-in
user and group, overriding any settings in the
configuration property. It is also possible to run Kong as a custom non-root user.
Important: The Nginx master process needs to run as
rootfor Nginx to execute certain actions (for example, to listen on the privileged port 80).
Although running Kong as the
konguser and group does provide more security, we advise that a system and network administration evaluation be performed before making this decision. Otherwise, Kong nodes might become unavailable due to insufficient permissions to execute privileged system calls in the operating system.
Kong Enterprise is installed on one of the following Linux distributions:
Run Kong Gateway as the built-in kong user
When Kong Gateway is installed with a package management system such as
YUM, a default
kong user and a default
kong group are created. All the files installed by the package are owned by the
kong user and group.
Switch to the built-in
Run Kong Gateway as a custom non-root user
It is also possible to run Kong as a custom non-root user. Since all the files installed by the Kong Gateway package are owned by the
kong group, a user that belongs to that group should be permitted to perform the same operations as the
Add the user to the
sudo usermod -aG kong your-user