Certified Security - Specialty


Running containers as root

The slide says we should not run containers as root. Is it possible to expand on this statement, as it seems to be the default for most containers to run everything as root?

I’m curious what the workflow would look like trying to add users to every container to account for this. Or does this recommendation only apply in certain scenarios?

1 Answer

Hi Peter,

You can specify the user that you would like to run your processes as inside the Dockerfile. The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use when running the image. From the documentation, it sounds like you don’t have to create the user first.

https://docs.docker.com/engine/reference/builder/#user

And there is also a great talk on Container Security from AWS here:

https://www.youtube.com/watch?v=Cp4rdlsQORo

For the exam you just need a general understanding of containers and how to secure them at a high level.

Hope that helps.

Faye
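
A check for the workflow asked about in this thread, as an added example that is not part of the original question or answer: the Python sketch below reads a Dockerfile and reports which user the final build stage ends with, treating a missing USER as root. The sample Dockerfiles, the function names and the assumption that the base image sets no USER of its own are all constructed for illustration.

```python
import re

# Constructed sample Dockerfiles (not from the original thread).
ROOT_BY_DEFAULT = """\
FROM alpine:3.19
COPY app /app
CMD ["/app"]
"""
NON_ROOT = """\
FROM alpine:3.19 AS build
USER root
RUN apk add --no-cache build-base
FROM alpine:3.19
RUN addgroup -S app && adduser -S -G app app
USER app:app
CMD ["/app"]
"""
RESET_TO_ROOT = """\
FROM alpine:3.19
USER 1000:1000
USER 0
"""

def effective_user(dockerfile_text):
    """Return the last USER value of the final stage, or None if never set."""
    user = None
    # Join backslash line continuations so each instruction is one line.
    text = re.sub(r"\\[ \t]*\n", " ", dockerfile_text)
    for line in text.splitlines():
        parts = line.strip().split(None, 1)
        if not parts or parts[0].startswith("#"):
            continue  # skip blank lines and comments
        instr = parts[0].upper()
        if instr == "FROM":
            user = None  # a new stage does not inherit USER from the previous one
        elif instr == "USER" and len(parts) == 2:
            user = parts[1].strip()
    return user

def runs_as_root(dockerfile_text):
    """True when the final stage would start its process as root (UID 0)."""
    user = effective_user(dockerfile_text)
    if user is None:
        return True  # assumption: the base image itself sets no non-root USER
    return user.split(":", 1)[0] in ("root", "0")
```

A USER value given through a build argument or environment variable is not resolved here, so such a Dockerfile needs a manual look.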
