I tried running the latest builds of debian and alpine, but they seem to run as the root user.
I expected that echo $USER should not return root. If it returns empty, then I need to verify with the command whoami; if that also returns root, we have logged into the Docker container in root mode, which can lead to a vulnerability.
2 Answers
According to this StackOverflow answer, you need to pass the parameter --user <user> in order to log in as a non-root user. Example:
docker run -it --user nobody alpine
The usual way to deal with this is to override this in your Dockerfile (you can do docker run --user, but that can be confusing to programs since e.g. there won’t be a home directory set up).
More details, and some other things you can do to secure your container: https://pythonspeed.com/articles/root-capabilities-docker-security/
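A check for the Dockerfile approach in the answer above, as an added example that is not part of the original answers: it reports which user the final build stage runs as and flags root by name or by UID 0. The function names, the `app` user and the sample Dockerfiles are constructed for illustration, and base images are assumed to default to root, as the question observed for debian and alpine.

```shell
# Added example: find the user that the final stage of a Dockerfile runs as.
# Assumptions: base images default to root (as seen with debian and alpine
# in the question); variables in USER lines are not expanded.

effective_user() {
    # Print the last USER value of the final stage, or "root" if it has none.
    awk '
        { instr = toupper($1) }
        instr == "FROM" { user = "root" }   # a new stage resets to the base image default
        instr == "USER" { user = $2 }
        END { print (user == "" ? "root" : user) }
    ' "$1"
}

runs_as_root() {
    # Succeed when the effective user is root by name or by UID 0.
    eu=$(effective_user "$1")
    eu=${eu%%:*}                            # drop an optional :group suffix
    [ "$eu" = "root" ] || [ "$eu" = "0" ]
}

# Constructed sample Dockerfiles (not from the page).
tmp=$(mktemp -d)
cat > "$tmp/default.Dockerfile" <<'EOF'
FROM alpine
CMD ["sh"]
EOF
cat > "$tmp/hardened.Dockerfile" <<'EOF'
FROM alpine AS build
USER root
RUN apk add --no-cache build-base
FROM alpine
# -D: no password, -h: home directory, so programs find a usable $HOME
RUN adduser -D -h /home/app app
USER app
WORKDIR /home/app
EOF
cat > "$tmp/uid0.Dockerfile" <<'EOF'
FROM debian
USER app
USER 0:0
EOF

for f in "$tmp"/*.Dockerfile; do
    runs_as_root "$f" && verdict=FAIL || verdict=ok
    echo "$verdict $(basename "$f"): runs as $(effective_user "$f")"
done
```

A USER line in the image only sets the default; docker run --user can still override it at start time, so the same check is worth repeating inside the running container with whoami or id -u.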