Avoiding running a container as root
Most applications or application services that run inside a container do not need root access. To tighten security, it is helpful in those scenarios to run these processes with minimal necessary privileges. These applications should not be run as root nor assume that they have root-level privileges.
Once again, let’s illustrate what we mean with an example. Assume we have a file with top-secret content. We want to secure this file on our Unix-based system using the chmod tool so that only users with root permissions can access it. Let’s assume I am logged in as demo on the dev host and hence my prompt is demo@dev $. I can use sudo su to impersonate a superuser. I have to enter the superuser password though:
demo@dev $ sudo su Password: <root password> root@dev $
Now, as the root user, I can create this file called top-secret.txt and secure it:
root@dev $ echo "You should not...
