I’m new to the container world. Does it have any security benefits when I run my applications as a non-root user in a docker container? And how about Podman? There I’ll run the container as an unprivileged user anyway. Would changing the user in the container achieve anything?

  • @[email protected]
    link
    fedilink
    English
    4
    edit-2
    1 year ago

    It means that if someone breaks out of your container, they can only do things that user can do.

    Can that user access your private documents (are these documents in a container that also runs under that user)?

    Can that user sudo?

    Can that user access SSH keys and jump to other computers?

    Generally speaking, the answer to all of these should be “no”, meaning that each group of containers (or risk levels etc) get their own account.

    • @SpaceNoodle
      link
      English
      21 year ago

      Process UIDs do the exact same thing.