Best practices

K8s scheduler configuration file ownership is not set to root:root

Risk Level

Informational (4)

Platform(s)
  • N/A

Compliance Frameworks

Description

It was found that the K8s scheduler configuration file's owner is not set to root. Setting the file's owner to a low privileged user allows the modification of the file by this user and expose the configuration file to unwanted modification.
  • Recommended Mitigation

    It is recommended to change the file's owner to 'root' to allow the file modification for privileged users only.