I’m new to the container world. Does it have any security benefits when I run my applications as a non-root user in a docker container? And how about Podman? There I’ll run the container as an unprivileged user anyway. Would changing the user in the container achieve anything?

  • x1gma@lemmy.world
    link
    fedilink
    English
    arrow-up
    6
    arrow-down
    2
    ·
    1 year ago

    Imagine your containers as very lightweight mini-VMs. Would you run everything as root in your virtual machines? Containers aren’t really that different to classical VMs from an operations point of view. You have a different attack surface, but it is still there, and running as a non-root user inside the container reduces this attack surface, and should IMHO be the default. Privileged containers and users may be required for specific purposes, but should not be the norm, if possible.

    • ck_@discuss.tchncs.de
      link
      fedilink
      English
      arrow-up
      5
      arrow-down
      3
      ·
      1 year ago

      This comment shows misunderstanding of what container and virtual machines are and how the technology behind each concept works. Containers are NOT virtual machines, do not treat them as such.

      • x1gma@lemmy.world
        link
        fedilink
        English
        arrow-up
        4
        arrow-down
        1
        ·
        1 year ago

        You’re right, containers are not VMs, and I’ve never claimed that. For the matter of basic unix access control for a beginner they are similar enough to treat them as such. It’s enough of a baseline for basic security for a beginners workload imo. For advanced use cases - absolutely do not treat containers as you would VMs.