Since Docker's defaults make running a container as a non-root user more awkward than it should be, I thought it'd be nice to repost this boilerplate I found, which should be used in every Docker container (mostly for my own convenience).

# Stage 0: any image that ships useradd; it exists only to produce a passwd entry
FROM <my-fancy-image>
# Fixed, high UID so it cannot collide with a real user on the host
RUN useradd -u 10001 scratchuser

# Stage 1: the empty image; it has no /etc/passwd of its own
FROM scratch
# Copy the passwd file over so the runtime can resolve "scratchuser" to UID 10001
COPY --from=0 /etc/passwd /etc/passwd
# Copy your statically linked binary here, e.g. COPY dosomething /dosomething
USER scratchuser

ENTRYPOINT ["/dosomething"]

source: https://medium.com/@lizrice/non-privileged-containers-based-on-the-scratch-image-a80105d6d341

There's also this tool for finding other containers running as root: https://github.com/nicholasjackson/cnitch

And this tool for linting your Dockerfiles: https://github.com/hadolint/hadolint
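As an added example that is not from the post or from either linked tool, here is a small POSIX shell check in the spirit of hadolint's "last USER must not be root" rule: it reports the user the final stage of a Dockerfile will run as, ignoring USER lines in earlier build stages. The sample Dockerfiles it writes to a temp directory are constructed for the demonstration.

```shell
#!/bin/sh
# Added example (not from the post, hadolint or cnitch): print the user the final
# stage of a Dockerfile runs as and detect when it is root. Every FROM starts a
# new stage and resets the user to root, so only USER lines after the last FROM
# count; a final stage with no USER at all runs as root.

final_stage_user() {
    awk '
        /^[ \t]*#/ || NF == 0 { next }                        # skip comments/blank
        toupper($1) == "FROM" { user = "root" }               # new stage => root
        toupper($1) == "USER" { user = $2; sub(/:.*/, "", user) }  # drop ":group"
        END { if (user == "") user = "root"; print user }
    ' "$1"
}

# Exit status 0 when the final stage runs as root (by name or UID 0), 1 otherwise
last_stage_runs_as_root() {
    case "$(final_stage_user "$1")" in
        root|0) return 0 ;;
        *)      return 1 ;;
    esac
}

# Constructed sample Dockerfiles for the demonstration
tmpdir=$(mktemp -d)
cat > "$tmpdir/good.Dockerfile" <<'EOF'
FROM alpine:3.19
RUN adduser -D -u 10001 scratchuser
FROM scratch
COPY --from=0 /etc/passwd /etc/passwd
USER scratchuser
ENTRYPOINT ["/dosomething"]
EOF
cat > "$tmpdir/bad.Dockerfile" <<'EOF'
FROM alpine:3.19
# non-root here, but only in the build stage
USER nobody
FROM scratch
# no USER after the last FROM, so this stage runs as root
ENTRYPOINT ["/dosomething"]
EOF

for f in "$tmpdir"/*.Dockerfile; do
    if last_stage_runs_as_root "$f"; then
        echo "ROOT     $f"
    else
        echo "non-root $f (user: $(final_stage_user "$f"))"
    fi
done
```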