Docker
Vadim, 2021-05-26 18:34:28

What user are your containers running under?

Hello everyone,

I want to ask about general practice: do you force your developers to write a directive like this in your Dockerfiles

USER just_user

before the main process itself - for example, for a dotnet application

ENTRYPOINT ["dotnet", "aspnetapp.dll"]

Or is there a need to change the user to non-root?

All the best,
Vadim


3 answer(s)
Romses Panagiotis, 2021-05-26
@romesses

It is recommended to use a non-root user
https://sysdig.com/blog/dockerfile-best-practices/
There are also vulnerability scanners in Docker images.
But in practice, many give a damn about safety. So at least try to make as little effort as possible.

Dmitry Shitskov, 2021-05-26
@Zarom

We don’t force it, but in accordance with the policies, our Kubernetes will either refuse to launch containers running as the user with id 0 or redefine the user (usually to id 1000) at launch time, depending on the service delivery option.

Vadim, 2021-06-06
@Viji

Dmitry, where are such policies described in Kubernetes? Can I have an example yaml file?
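
An added example, not part of the thread and not Dmitry's actual configuration, of the two behaviours described above: refusing containers that run as UID 0, and overriding the user at launch. It assumes a cluster with Pod Security Admission enabled; the namespace, pod and image names are placeholders.

```yaml
# Constructed example; all names below are placeholders.
# Cluster-side policy: Pod Security Admission rejects any pod in this
# namespace that does not meet the "restricted" standard, which requires
# runAsNonRoot: true and forbids runAsUser: 0.
apiVersion: v1
kind: Namespace
metadata:
  name: apps
  labels:
    pod-security.kubernetes.io/enforce: restricted
    pod-security.kubernetes.io/warn: restricted
---
# A pod that is admitted under that policy. Omitting runAsNonRoot, or
# setting runAsUser: 0, gets the pod rejected at admission time.
apiVersion: v1
kind: Pod
metadata:
  name: aspnetapp
  namespace: apps
spec:
  securityContext:
    runAsNonRoot: true   # kubelet refuses to start a container whose UID is 0
    runAsUser: 1000      # overrides the USER set in the image at launch
    runAsGroup: 1000
    seccompProfile:
      type: RuntimeDefault
  containers:
    - name: aspnetapp
      image: registry.example.com/aspnetapp:1.0   # placeholder image
      securityContext:
        allowPrivilegeEscalation: false
        capabilities:
          drop: ["ALL"]
```

With `runAsNonRoot: true` and no `runAsUser`, an image whose `USER` is a name rather than a numeric UID fails to start, because the kubelet cannot verify that the name does not map to UID 0.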
