Since Docker unfortunately designed their containers in a way that has added friction to running as a non-root user, I thought it’d be nice to repost this boilerplate I found that should be used in every Docker container (mostly for my own convenience).

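    # Stage 0: create the unprivileged user in an image that has useradd.
    FROM <my-fancy-image>
    RUN useradd -u 10001 scratchuser

    # Final stage: an empty image that carries over only what it needs.
    FROM scratch
    # /etc/passwd lets Docker resolve "scratchuser" to UID 10001.
    COPY --from=0 /etc/passwd /etc/passwd
    # Placeholder path: copy your own binary from the first stage.
    COPY --from=0 /dosomething /dosomething
    USER scratchuser

    ENTRYPOINT ["/dosomething"]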


There’s also this tool for finding other containers running as root: -

And this tool for linting your Dockerfiles: -
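
A small check in the same spirit, as an added example that is not from the original post or from either tool mentioned above: it reads a Dockerfile and reports which user the final stage runs as, because a `USER` set in an earlier stage does not apply to the image that ships. The function names and the sample files are assumptions made for this sketch.

```shell
#!/bin/sh
# Added example (not from the original post). A stage without USER is
# treated as root: exact for "FROM scratch", conservative for other bases,
# which may already configure a non-root user.

# final_stage_user FILE: print the last USER of the final stage, or an
# empty line when that stage never sets one.
final_stage_user() {
    awk '
        { sub(/\r$/, "") }                    # tolerate CRLF files
        /^[ \t]*#/ { next }                   # skip comment lines
        toupper($1) == "FROM" { user = "" }   # USER from earlier stages is not kept
        toupper($1) == "USER" { user = $2 }   # last USER in a stage wins
        END { print user }
    ' "$1"
}

# runs_as_root FILE: exit 0 if the final stage runs as root, 1 otherwise.
runs_as_root() {
    u=$(final_stage_user "$1")
    u=${u%%:*}                                # drop an optional ":group"
    case "$u" in
        ""|root|0) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed samples: the post's boilerplate, and a variant that sets
# USER only in the first stage.
demo_dir=$(mktemp -d)
cat > "$demo_dir/good" <<'EOF'
FROM <my-fancy-image>
RUN useradd -u 10001 scratchuser
FROM scratch
COPY --from=0 /etc/passwd /etc/passwd
USER scratchuser
ENTRYPOINT ["/dosomething"]
EOF
cat > "$demo_dir/bad" <<'EOF'
FROM <my-fancy-image>
RUN useradd -u 10001 scratchuser
USER scratchuser
FROM scratch
ENTRYPOINT ["/dosomething"]
EOF
for f in good bad; do
    if runs_as_root "$demo_dir/$f"; then echo "$f: final stage runs as root"
    else echo "$f: final stage runs as $(final_stage_user "$demo_dir/$f")"; fi
done
```

For an image that is already built, `docker inspect --format '{{.Config.User}}' <image>` shows the configured user; an empty value means root.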