How safe is it to run a Docker container as the root user in a production environment? Is this standard practice, or is it recommended to run Docker containers as a non-root user?
Edit:
My question assumes running the Docker daemon, the Docker client and the application inside Docker as root (everything as root: Docker server, client and application inside the container).
Running the container as root brings a lot of risks. Although being root inside the container is not the same as root on the host machine (some more details here) and you're able to deny a lot of capabilities during container startup, it is still the recommended approach to avoid being root.
One of the best practices while running a Docker container is to run processes with a non-root user. This is because if a user manages to break out of the application running as root in the container, he may gain root user access on the host.
Docker containers are, by default, quite secure; especially if you run your processes as non-privileged users inside the container. You can add an extra layer of safety by enabling AppArmor, SELinux, GRSEC, or another appropriate hardening system.
Docker containers are designed to be accessed as root users to execute commands that non-root users can't execute. We can run a command in a running container using `docker exec`. We'll use the `-i` and `-t` options of the `docker exec` command to get an interactive shell with TTY terminal access.
It is safer, and better practice, to run as non-root, both in docker and non-docker environments. However, running as root within a docker container is at least somewhat less dangerous than running as root directly in the primary OS, but definitely for a production system running as root is pretty much unheard of by any company with even the most basic security concerns.
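As an added example (not part of the original question or answers), the Python below audits `docker inspect` output for the settings these answers discuss: a container process running as root, capabilities kept or added at startup, and AppArmor/SELinux/seccomp confinement switched off. The JSON is a constructed sample, and the function names and finding labels are this example's own.

```python
import json

# Constructed sample shaped like `docker inspect` output (only the fields read below).
SAMPLE_INSPECT = json.loads("""[
  {"Name": "/web", "Config": {"User": ""},
   "HostConfig": {"Privileged": false, "CapDrop": null, "CapAdd": null, "SecurityOpt": null}},
  {"Name": "/api", "Config": {"User": "10001:10001"},
   "HostConfig": {"Privileged": false, "CapDrop": ["ALL"], "CapAdd": null, "SecurityOpt": null}},
  {"Name": "/agent", "Config": {"User": "0:0"},
   "HostConfig": {"Privileged": true, "CapDrop": null, "CapAdd": ["SYS_ADMIN"],
                  "SecurityOpt": ["apparmor=unconfined"]}}
]""")

# Security options that switch off AppArmor, SELinux labelling or seccomp confinement.
UNCONFINED = {"apparmor=unconfined", "label=disable", "seccomp=unconfined"}


def runs_as_root(user):
    """Config.User is empty when neither the image nor --user sets one: the process is UID 0."""
    uid = (user or "").split(":")[0].strip()
    return uid in ("", "0", "root")


def audit(container):
    """Return the list of findings for one `docker inspect` entry."""
    host = container.get("HostConfig") or {}
    findings = []
    if runs_as_root((container.get("Config") or {}).get("User")):
        findings.append("runs as root")
    if host.get("Privileged"):
        findings.append("privileged")
    if "ALL" not in [c.upper() for c in (host.get("CapDrop") or [])]:
        findings.append("default capabilities kept")
    if host.get("CapAdd"):
        findings.append("adds capabilities: " + ",".join(host["CapAdd"]))
    # Docker accepts both key=value and the older key:value form.
    if any(o.replace(":", "=", 1) in UNCONFINED for o in (host.get("SecurityOpt") or [])):
        findings.append("security profile disabled")
    return findings


def audit_all(inspect_output):
    return {c["Name"].lstrip("/"): audit(c) for c in inspect_output}


if __name__ == "__main__":
    for name, findings in audit_all(SAMPLE_INSPECT).items():
        print(name, "->", findings or "ok")
```

To audit a live host, pass `audit_all` the parsed JSON from `docker inspect $(docker ps -q)` instead of the sample.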