You are browsing documentation for an outdated version. See the latest documentation here.
File access and permissions
This page describes the file access requirements for Kong Gateway.
Users and groups
When a user installs a Kong Gateway official binary package, or uses the Docker image, Kong defaults to running under the kong
user and group.
The following directories and files are installed by the binary and owned by the kong
user and group:
/usr/local/kong/
: the default run-time data prefix directory for Kong/usr/local/openresty/
: the OpenResty installation/etc/kong/
: the default configuration directory
Note: The
kong
shell is set to/sbin/nologin
, this prevents using SSH to log in and execute commands.
File read and write permissions
The following table contains Kong Gateway components and any additional file paths it accesses, in addition to the standard system files that the kong
user already has access to.
Component | File path description | Read or Write |
---|---|---|
grpc-gateway | The .proto file path configured in the plugin. | Read |
grpc-web | The .proto file path configured in the plugin.Dependent on proxy path traffic. | Write |
Granular tracing | tracing_write_endpoint .Only if tracing_write_strategy is set to file .Dependent on proxy path traffic. | Write |
Access logs and error logs | Under prefix , by default /usr/local/kong/kogs .Dependent on proxy path traffic. | Write |
Temporary data | Under prefix , by default /user/local/kong .Includes cached configuration values and temporary body buffers. | Write |