You want to run a container as a non-root user with UID 2000 and GID 3000, but the image has no such user. Which is the best way to do this securely?

Docker - Security
A. Add a user with UID 2000 and GID 3000 in the Dockerfile, then use USER
B. Run the container as root and change permissions inside
C. Use --user 2000:3000 without creating the user in the image
D. Modify the host system to add user 2000
Step-by-Step Solution
Solution:
  1. Step 1: Understand user creation in Dockerfile

    To run as a specific non-root user, create that user and group inside the image with matching UID and GID.
  2. Step 2: Use USER instruction to switch user

    After creating the user, use the USER instruction to run container processes as that user securely.
  3. Step 3: Evaluate other options

    Running as root is insecure; using --user without the user in the image may cause permission issues; and modifying host users is unrelated.
  4. Final Answer:

    Add a user with UID 2000 and GID 3000 in the Dockerfile, then use USER -> Option A
  5. Quick Check:

    Create user + USER = secure non-root run [OK]
Quick Trick: Create user in Dockerfile before USER for secure non-root run [OK]
Common Mistakes:
  • Running as root to avoid user setup
  • Using --user without the user in the image, causing errors
  • Changing host users instead of container users
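
A Dockerfile for the approach in option A, added here as an example that is not part of the original quiz. The base image, the user and group name `app`, and the `/app` path are assumptions.

```dockerfile
# Added example. Assumptions: Debian base image, user/group name "app", /app path.
FROM debian:bookworm-slim

# Step 1: create the group and the user with the exact numeric IDs required.
# --no-create-home and a nologin shell keep the account minimal:
# it exists only so the process has a passwd/group entry to resolve to.
RUN groupadd --gid 3000 app \
 && useradd --uid 2000 --gid 3000 \
            --no-create-home \
            --shell /usr/sbin/nologin \
            app

WORKDIR /app

# Give the runtime user ownership of only the files it needs,
# so nothing has to be chown'ed as root at container start.
COPY --chown=2000:3000 . /app

# Step 2: switch to the non-root user. Every later RUN, CMD and ENTRYPOINT
# runs as 2000:3000, which now resolves to app:app inside the image.
USER 2000:3000

# Print the effective identity so the result can be checked at run time.
CMD ["id"]
```

Build and run it with `docker build -t nonroot-demo .` followed by `docker run --rm nonroot-demo`; the `id` output should report UID 2000 and GID 3000 under the name `app`.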
