[hono-dev] Running Docker containers as non-root user

Hi,

as part of building the Hono Docker images we are currently creating a "hono" (system) user which we also use to run the container (by means of Dockerfile's USER hono). However, container orchestration platforms like OpenShift usually have their own means to prevent containers from being run as root, e.g. by creating a temporary user and running the container under that user (docker run --user UID:GID). In such cases we would probably interfere with such efforts, in particular when it comes to managing access to file system resources.

I therefore currently tend to remove the special "hono" user from our images and let the container orchestration platform take care of switching to a less privileged user (if required/wanted).

Any thoughts on that?

--

Mit freundlichen Grüßen / Best regards

Kai Hudalla
Chief Software Architect

Bosch Software Innovations GmbH
Ullsteinstraße 128
12109 Berlin
GERMANY
www.bosch-si.com

Registered Office: Berlin, Registration Court: Amtsgericht Charlottenburg; HRB 148411 B
Chairman of the Supervisory Board: Dr.-Ing. Thorsten Lücke; Managing Directors: Dr.-Ing. Rainer Kallenbach, Michael Hahn
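
The file system interaction raised in the message above, as an added example that is not part of the original post or of Hono's build code: a small model of the Unix owner/group/other write check, applied to a directory owned by a baked-in image user and to a platform-assigned user. The UID/GID values are constructed samples, and the platform user is assumed to have primary group 0, as OpenShift assigns by default.

```sh
#!/bin/sh
# Added illustration: models the classic Unix write-permission check to show
# how a user baked into an image interacts with a UID assigned at run time.
# Simplification (assumption): only the primary GID is considered.

# can_write RUN_UID RUN_GID OWNER_UID OWNER_GID MODE   (MODE octal, e.g. 750)
# Returns 0 if a process running as RUN_UID:RUN_GID may write to the file.
can_write() {
    run_uid=$1; run_gid=$2; own_uid=$3; own_gid=$4; mode=$5
    if [ "$run_uid" -eq 0 ]; then
        return 0                          # root bypasses the mode bits
    fi
    bits=$((0$mode))                      # leading 0 makes the value octal
    if [ "$run_uid" -eq "$own_uid" ]; then
        perm=$(( (bits >> 6) & 7 ))       # owner class, and only that class
    elif [ "$run_gid" -eq "$own_gid" ]; then
        perm=$(( (bits >> 3) & 7 ))       # group class
    else
        perm=$(( bits & 7 ))              # other class
    fi
    [ $(( perm & 2 )) -ne 0 ]             # is the write bit set?
}

# Constructed sample values: 999:999 for the image's "hono" user and
# 1000620000:0 for a user assigned by the platform via --user UID:GID.
HONO_UID=999; HONO_GID=999
PLATFORM_UID=1000620000; PLATFORM_GID=0

describe() {
    label=$1; shift
    if can_write "$@"; then
        echo "$label: writable"
    else
        echo "$label: DENIED"
    fi
}

# Image run as built (USER hono), data dir owned by hono:hono, mode 750.
describe "USER hono, dir hono:hono 750" \
    "$HONO_UID" "$HONO_GID" "$HONO_UID" "$HONO_GID" 750
# Same image, platform overrides the user: the hono-owned dir is out of reach.
describe "--user override, dir hono:hono 750" \
    "$PLATFORM_UID" "$PLATFORM_GID" "$HONO_UID" "$HONO_GID" 750
# No dedicated user: dir owned by root:root with group write, platform user in GID 0.
describe "--user override, dir root:root 770" \
    "$PLATFORM_UID" "$PLATFORM_GID" 0 0 770
```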

