
It is easier for the developer but risky for the end user. Docker runs as root and you have to trust the application developer to use the latest security patches for all dependencies.


They run as root by default.

Simply using the "USER <uid/uname>" directive means you run as a non-root user with a specified UID. Kubernetes recommends doing that as a baseline security measure. You can also drop caps from a container so even if you are root inside, you can't do a lot of things root can.
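
The difference between the configurations discussed above can be checked from `/proc/<pid>/status`. This is an added example, not part of any comment in the thread: it reads the effective UID and the `CapEff` mask and decodes the capabilities the process holds. The names `decode_caps` and `audit_status` are hypothetical, and the sample status lines are constructed (the first mask encodes the 14 capabilities Docker grants by default).

```python
# Added example (not from the thread): classify a process from /proc/<pid>/status.
# Capability names in bit order, as defined in linux/capability.h.
CAP_NAMES = """CHOWN DAC_OVERRIDE DAC_READ_SEARCH FOWNER FSETID KILL SETGID SETUID
SETPCAP LINUX_IMMUTABLE NET_BIND_SERVICE NET_BROADCAST NET_ADMIN NET_RAW IPC_LOCK
IPC_OWNER SYS_MODULE SYS_RAWIO SYS_CHROOT SYS_PTRACE SYS_PACCT SYS_ADMIN SYS_BOOT
SYS_NICE SYS_RESOURCE SYS_TIME SYS_TTY_CONFIG MKNOD LEASE AUDIT_WRITE AUDIT_CONTROL
SETFCAP MAC_OVERRIDE MAC_ADMIN SYSLOG WAKE_ALARM BLOCK_SUSPEND AUDIT_READ PERFMON
BPF CHECKPOINT_RESTORE""".split()

# Constructed samples holding only the two status lines this check needs.
SAMPLES = {
    "default (root)": "Uid:\t0\t0\t0\t0\nCapEff:\t00000000a80425fb\n",
    "root, caps dropped": "Uid:\t0\t0\t0\t0\nCapEff:\t0000000000000000\n",
    "USER 1000": "Uid:\t1000\t1000\t1000\t1000\nCapEff:\t0000000000000000\n",
}

def decode_caps(mask_hex):
    """Turn a CapEff hex mask into a list of capability names."""
    mask = int(mask_hex, 16)
    names = [name for bit, name in enumerate(CAP_NAMES) if mask >> bit & 1]
    unknown = mask >> len(CAP_NAMES) << len(CAP_NAMES)  # bits newer than this table
    if unknown:
        names.append("UNKNOWN(0x%x)" % unknown)
    return names

def audit_status(text):
    """Report effective UID, held capabilities and a verdict for one process."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep:
            fields[key.strip()] = value.split()
    if not fields.get("Uid") or not fields.get("CapEff"):
        raise ValueError("status text lacks Uid or CapEff")
    euid = int(fields["Uid"][1])  # order: real, effective, saved, filesystem
    caps = decode_caps(fields["CapEff"][0])
    if euid == 0:
        verdict = "root with capabilities" if caps else "root, all capabilities dropped"
    else:
        verdict = "non-root but holds capabilities" if caps else "non-root, no capabilities"
    return {"euid": euid, "caps": caps, "verdict": verdict}

if __name__ == "__main__":
    for label, text in SAMPLES.items():
        result = audit_status(text)
        print(label, "->", result["verdict"], result["caps"])
```

On a live host, pass it the contents of `/proc/<pid>/status` for the container's main process.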



