File access and permissions
- Users and groups
- File read and write permissions

File access and permissions

This page describes the file access requirements for Kong Gateway.

Users and groups

When a user installs a Kong Gateway official binary package, or uses the Docker image, Kong defaults to running under the kong user and group.

The following directories and files are installed by the binary and owned by the kong user and group:

/usr/local/kong/: the default run-time data prefix directory for Kong
/usr/local/openresty/: the OpenResty installation
/etc/kong/: the default configuration directory

Note: The kong shell is set to /sbin/nologin, this prevents using SSH to log in and execute commands.

File read and write permissions

The following table contains Kong Gateway components and any additional file paths it accesses, in addition to the standard system files that the kong user already has access to.

Component	File path description	Read or Write
`grpc-gateway`	The `.proto` file path configured in the plugin.	Read
`grpc-web`	The `.proto` file path configured in the plugin. Dependent on proxy path traffic.	Write
Granular tracing	`tracing_write_endpoint`. Only if `tracing_write_strategy` is set to `file`. Dependent on proxy path traffic.	Write
Access logs and error logs	Under `prefix`, by default `/usr/local/kong/kogs`. Dependent on proxy path traffic.	Write
Temporary data	Under `prefix`, by default `/user/local/kong`. Includes cached configuration values and temporary body buffers.	Write

File Permissions Reference

File access and permissions

Users and groups

File read and write permissions