Trying to deploy an NGINX container to an OpenShift cluster today, ran into:

nginx: [emerg] mkdir() "/var/cache/nginx/client_temp" failed (13: Permission denied)

To do some investigating spun up a new Pod an attached an interactive shell using oc:

oc run --rm -i -t frontend --image=artifactory.evilcorp.com/frontend:1.0.0 --restart=Never --command -- /bin/sh

Indeed a quick ls -la /var/cache revealed that the nginx subdirectory is writtable by root. No good for OpenShift, which by default is non-root:

$ whoami
1000790000

Luckily nginxinc maintain a rootless optimised base container image called nginxinc/nginx-unprivileged.