Running docker processes as root or a user?

bayramovanar · January 19, 2024, 10:59am

Hello,
We are working on improving our dockerfiles. One question commonly asked by my team whether we should run docker processes as root or create stand alone user for that.

USER foo_user
COPY --chown=foo_user:foo_user

Tho Docker recommended solution is stand alone user. I wanted to confirm with you if it is also necessary and recommended way for our kubernetes setup.
Based on my investigation we already have some cluster/pod security policies defined with clusters created by Qovery.
So I wanted to confirm if such extra measures are required as well as if it may have some implications on our deployments, failover strategies etc.
Thank you in advance!

Erebe · January 19, 2024, 3:33pm

Hello,

Yes, running as non-root is a best security practice for containers.
Security is by layer, so even if there are pod policies in place, if you don’t need your application to use root, you should aim to have a local user in your container.

system · March 26, 2024, 10:47am

This topic was automatically closed 7 days after the last reply. New replies are no longer allowed.

Topic		Replies	Views
Passing arguments to docker run Questions and Answers qovery	10	952	March 25, 2024
Why You Should Use Docker over Buildpacks News	0	389	April 20, 2023
Terraform: Port mapping for containers that run worker processes Deployment qovery , aws , terraform	2	497	March 25, 2024
How to run my tests before deploying my app Questions and Answers qovery	3	557	March 25, 2024
Can you push Docker image to Qovery for deployment? Questions and Answers	2	400	March 25, 2024

Running docker processes as root or a user?

Related topics