hadolint/DL3002¶

Last user should not be root.

Property	Value
Severity	Warning
Category	Security
Default	Enabled

Description¶

Switching to the root USER opens up certain security risks if an attacker gets access to the container. In order to mitigate this, switch back to a non-privileged user after running the commands you need as root.

Examples¶

Problematic code¶

FROM busybox
USER root
RUN ...

Correct code¶

FROM busybox
USER root
RUN ...
USER guest

Reference¶

hadolint/DL3002