Fix sshd_config and cgit permissions

- Remove unsupported UsePAM option from sshd_config - Run cgit as root to allow cache directory initialization - Add CHOWN and DAC_OVERRIDE capabilities for cgit
author: Paul Buetow <paul@buetow.org> 2026-01-09 11:11:58 +0200
committer: Paul Buetow <paul@buetow.org> 2026-01-09 19:40:51 +0200
commit: 676786639604fe244ba5372471afba4c7824e365 (patch)
tree: 37b8eef59628f28628caa3e4e5ae727cb11bc9ee /f3s/git-server/helm-chart
parent: c6ec63635fd9c75c452dbb1a040912e5301f731e (diff)
1 files changed, 3 insertions, 4 deletions
diff --git a/f3s/git-server/helm-chart/templates/deployment.yaml b/f3s/git-server/helm-chart/templates/deployment.yaml
index a3f4568..0446725 100644
--- a/f3s/git-server/helm-chart/templates/deployment.yaml
+++ b/f3s/git-server/helm-chart/templates/deployment.yaml
@@ -71,13 +71,12 @@ spec:
         - name: cgit-cache
           mountPath: /var/cache/cgit
         securityContext:
-          runAsUser: 33
-          runAsGroup: 33
-          runAsNonRoot: true
+          runAsUser: 0
+          runAsGroup: 0
           allowPrivilegeEscalation: false
           capabilities:
             drop: ["ALL"]
-            add: ["NET_BIND_SERVICE"]
+            add: ["NET_BIND_SERVICE", "CHOWN", "DAC_OVERRIDE"]
         resources:
           requests:
             cpu: 50m
author	Paul Buetow <paul@buetow.org>	2026-01-09 11:11:58 +0200
committer	Paul Buetow <paul@buetow.org>	2026-01-09 19:40:51 +0200
commit	676786639604fe244ba5372471afba4c7824e365 (patch)
tree	37b8eef59628f28628caa3e4e5ae727cb11bc9ee /f3s/git-server/helm-chart
parent	c6ec63635fd9c75c452dbb1a040912e5301f731e (diff)