While doing CIS Lv2 Host Configuration Reviews, we have the following finding:
- 6.1.10 - Ensure no world writable files exist
Based on searches on the internet, my team found the following two links:
- K3s creating world writable files and un-owned files · Issue #758 · k3s-io/k3s · GitHub
- TOB-K8S-004: Pervasive world-accessible file permissions · Issue #81116 · kubernetes/kubernetes · GitHub
My team has tried to configure 755 or 644 on the files and subfolders under k3s. However, our pods are not able to run without the write permissions.
Based on the above two links, our team would like to check whether this is a current limitation of the k3s platform.
Thanks a lot for your help.