我最近一直在构建一些 python Docker 镜像。最佳实践显然是不要以 root 用户身份运行容器并删除非特权用户的 sudo 权限。
但我一直想知道解决这个问题的最佳方法是什么。
这是一个 Dockerfile 示例
FROM python:3.10
## get UID/GID of host user for remapping to access bindmounts on host
ARG UID
ARG GID
## add a user with same GID and UID as the host user that owns the workspace files on the host (bind mount)
RUN adduser --uid ${UID} --gid ${GID} --no-create-home flaskuser
RUN usermod -aG sudo flaskuser
## install packages as root?
RUN apt update \
&& apt upgrade -y …