Docker Security Best Practices
Do Not Use the Root User
By default, Docker containers run as the root user. Running a container as root means that if a process escapes the container, it may have the same privileges on the host system as the root user, significantly increasing the risk and impact of a container breakout.
If root privileges are not necessary, it's highly recommended to run the container as a non-root user. This helps mitigate the potential damage in the event of a security breach.
Here is an example of a Dockerfile that runs the container as a non-root user:
# Use an official Python runtime as a parent image
FROM python:3.8-slim
# Set the working directory in the container
WORKDIR /app
# Copy the current directory contents into the container at /app
COPY . /app
# Install any needed packages specified in requirements.txt
RUN pip install --no-cache-dir -r requirements.txt
# Create a user and group
RUN groupadd -r appuser && useradd -r -g appuser appuser
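# Change ownership of the application files to the non-root user
RUN chown -R appuser:appuser /app
# Switch to the non-root user for all later instructions and at container runtime
USER appuser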
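A check for the rule above, added here as an example and not part of the original course material: it reports which user the final build stage of a Dockerfile runs as and fails when that user is root. The function names and the three sample Dockerfiles are constructed for illustration, and the script assumes every base image defaults to root.

```shell
#!/bin/sh
# Added example: report the user that the final build stage of a Dockerfile
# runs as, and fail when that user is root.

# Print the effective USER of the last stage ("root" when none is set).
# Assumption: every FROM starts from an image whose default user is root.
final_user() {
    awk '
        toupper($1) == "FROM" { user = "root" }    # new stage resets the user
        toupper($1) == "USER" && NF >= 2 { user = $2 }
        END { print (user == "" ? "root" : user) }
    ' "$1"
}

# Return 0 when the final stage runs as a non-root user, 1 otherwise.
check_nonroot() {
    u=$(final_user "$1")
    name=${u%%:*}                                  # strip optional ":group"
    case "$name" in
        root|0) echo "FAIL: $1 runs as root ($u)"; return 1 ;;
        *\$*)   echo "WARN: $1 USER is a build variable ($u)"; return 1 ;;
        *)      echo "OK: $1 runs as $u"; return 0 ;;
    esac
}

# Constructed sample inputs (not from the original page).
demo_dir=$(mktemp -d)
cat > "$demo_dir/rootful.Dockerfile" <<'EOF'
FROM python:3.8-slim
WORKDIR /app
COPY . /app
EOF
cat > "$demo_dir/nonroot.Dockerfile" <<'EOF'
FROM python:3.8-slim AS build
USER root
FROM python:3.8-slim
RUN groupadd -r appuser && useradd -r -g appuser appuser
USER appuser
EOF
cat > "$demo_dir/regress.Dockerfile" <<'EOF'
FROM python:3.8-slim
USER appuser
USER 0:0
EOF

for f in rootful nonroot regress; do
    check_nonroot "$demo_dir/$f.Dockerfile" || true
done
```

The check is static: it reads only the Dockerfile, so a user chosen when the container is started is outside what it sees.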