A developer is creating a Dockerfile to containerize a web application. For security reasons, the application and any subsequent commands in the Dockerfile must not run as the root user. The developer has already added a non-root user named webapp to the image using a RUN command.
Which of the following Dockerfile instructions should be used to set the default user for all subsequent RUN, CMD, and ENTRYPOINT instructions?
The correct answer is USER. The USER instruction in a Dockerfile sets the user name (or UID) and optionally the group name (or GID) to use for running the image and for any subsequent RUN, CMD, and ENTRYPOINT instructions that follow it. This is the standard and most direct method for switching the execution context to a non-root user for security purposes.
RUN is used to execute commands during the image build process, such as installing packages or, in this case, creating a user with useradd. However, it does not set the user for subsequent instructions.
CMD specifies the default command to execute when a container starts. It does not control the user context for other instructions.
ENTRYPOINT configures a container that will run as an executable. While one could potentially use a command like sudo within an entrypoint script, it is not the correct Dockerfile instruction for setting the default user context declaratively.
Ask Bash
Bash is our AI bot, trained to help you pass your exam. AI Generated Content may display inaccurate information, always double-check anything important.
Why is the `USER` instruction preferred for setting a default user in a Dockerfile?
Open an interactive chat with Bash
What are the security risks of running containers as the root user?
Open an interactive chat with Bash
How is the non-root user `webapp` created in the Dockerfile?
Open an interactive chat with Bash
CompTIA Linux+ XK0-006 (V8)
Services and User Management
Your Score:
Report Issue
Bash, the Crucial Exams Chat Bot
AI Bot
Loading...
Loading...
Loading...
IT & Cybersecurity Package Join Premium for Full Access