Use a least privileged user
When a Dockerfile doesn’t specify a USER, it defaults to executing the container using the root user. In pra...
You’re jumping through a lot of hoops to create a user. There’s a keyword for creating a user in a particular group.
docs.docker.com/engine/reference/b...
the USER instruction though is only switching the user ownership to a specific user, it isn't actually creating a new one. Correct?
No. It creates a user. The only reason to do it the way you did it is if you need to map a user/group from the host to one inside the container.
Would you like to reference an example Dockerfile for that?
AFAIK a directive such as USER lirantal does not create a user if one doesn't exist already.
docs.docker.com/engine/reference/b...
USER directive does not create a user. The username specified must already exist or can be created earlier in the Dockerfile directives.
From docs.docker.com/develop/develop-im...
If a service can run without privileges, use USER to change to a non-root user. Start by creating the user and group in the Dockerfile with something like:
RUN groupadd -r postgres && useradd --no-log-init -r -g postgres postgres
Thanks for reassuring.
Yup. I stand corrected.
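An added example, not part of the original thread or of Docker's documentation: a heuristic check for the point the thread settles, that USER only switches to a user, so a named user has to be created earlier in the same build stage (or already exist in the base image). The function name audit_user, the result labels and the sample Dockerfiles are constructed for illustration.

```python
import re

# Constructed sample Dockerfiles (not taken from the thread).
ROOT_DEFAULT = 'FROM debian:bookworm-slim\nCMD ["sleep", "infinity"]\n'
MISSING_USER = 'FROM debian:bookworm-slim\nUSER lirantal\nCMD ["sleep", "infinity"]\n'
CREATED_FIRST = """FROM debian:bookworm-slim
RUN groupadd -r postgres && \\
    useradd --no-log-init -r -g postgres postgres
USER postgres
CMD ["sleep", "infinity"]
"""

# Heuristic: the login name is the last argument of useradd/adduser.
CREATE_RE = re.compile(r"\b(?:useradd|adduser)\b([^&;|]*)")

def audit_user(dockerfile: str) -> str:
    """Return 'root', 'ok' or 'not-created' for the final build stage."""
    created, user = set(), None
    # Join backslash continuations so each instruction sits on one line.
    text = re.sub(r"\\\s*\n", " ", dockerfile)
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue
        keyword = parts[0].upper()
        arg = parts[1] if len(parts) > 1 else ""
        if keyword == "FROM":
            # A new stage starts from its base image; earlier users are gone.
            created, user = set(), None
        elif keyword == "RUN":
            for match in CREATE_RE.finditer(arg):
                tokens = match.group(1).split()
                if tokens:
                    created.add(tokens[-1])
        elif keyword == "USER":
            user = arg.split(":")[0].strip()  # drop an optional :group
    if user is None or user in ("root", "0"):
        return "root"         # no USER, or explicitly root
    if user.isdigit() or user in created:
        return "ok"           # numeric UIDs need no passwd entry
    return "not-created"      # must already exist in the base image

if __name__ == "__main__":
    for name in ("ROOT_DEFAULT", "MISSING_USER", "CREATED_FIRST"):
        print(name, "->", audit_user(globals()[name]))
```

A "not-created" result is a prompt to check the base image, since some images ship a non-root user of their own.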