mirrors/hadolint
1
0
Fork 0
mirror of https://github.com/hadolint/hadolint.git synced 2025-12-17 03:24:08 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions
Page: DL3002
Pages
DL3000 DL3001 DL3002 DL3003 DL3004 DL3005 DL3006 DL3007 DL3008 DL3009 DL3010 DL3011 DL3012 DL3013 DL3014 DL3015 DL3016 DL3017 DL3018 DL3019 DL3020 DL3021 DL3022 DL3023 DL3024 DL3025 DL3026 DL3027 DL3028 DL3029 DL3030 DL3031 DL3032 DL3033 DL3034 DL3035 DL3036 DL3037 DL3038 DL3039 DL3040 DL3041 DL3042 DL3043 DL3044 DL3045 DL3046 DL3047 DL3048 DL3049 DL3050 DL3051 DL3052 DL3053 DL3054 DL3055 DL3056 DL3057 DL3058 DL3059 DL3060 DL3061 DL3062 DL4000 DL4001 DL4003 DL4004 DL4005 DL4006 Home SC2046 SC2086 Template
3 DL3002
José Lorenzo Rodríguez edited this page 2018-06-18 18:26:01 +02:00
Table of Contents

Last user should not be root.

Problematic code:

FROM busybox
USER root
RUN ...

Correct code:

FROM busybox
USER root
RUN ...
USER guest

Rationale:

Switching to the root USER opens up certain security risks if an attacker gets access to the container. In order to mitigate this, switch back to a non privileged user after running the commands you need as root.