Hello
The teacher explains in video ch0405 that OpenShift ignores the USER instruction inside the Containerfile.
Does OpenShift do that, or does OpenShift ignore the user mentioned in the USER instruction and replace it with a randomly generated user?
I mean, does the position of the USER instruction in the Containerfile matter? I understood that subsequent instructions are executed as the user mentioned in the USER instruction. So also the ENTRYPOINT instruction, so also the commands in the container.
So, to be certain, the following are executed as the user in the USER instruction:
1. the instructions in the image after the user instruction,
2. the commands in the container.
?
Hello @riemann !
Thanks for reaching out!
The USER instruction sets the user name (or UID) and optionally the user group (or GID) to use as the default user and group for the remainder of the current stage. The specified user is used for RUN instructions and at runtime, runs the relevant ENTRYPOINT and CMD commands.
Refer: https://www.redhat.com/en/blog/a-guide-to-openshift-and-uids, especially the section "User ID (UID) and Containers".
I think what @ricardodacosta meant here is "By default, OpenShift Container Platform runs containers using an arbitrarily assigned user ID. This provides additional security against processes escaping the container due to a container engine vulnerability and thereby achieving escalated permissions on the host node"
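An added example (not part of the thread or the course material) that traces the two cases discussed above: which user each RUN step executes as at build time, and which identity ENTRYPOINT/CMD get at runtime with and without an OpenShift-assigned UID. The function names, the sample Containerfile, the `registry.example` host and the UID `1000650000` are constructed for illustration, and every base image is assumed to default to root.

```python
def parse(containerfile, base_user="root"):
    """Return (run_steps, image_user) for a Containerfile.

    run_steps: (command, user) for every RUN, i.e. the build-time user.
    image_user: the last USER of the final stage, stored in the image config.
    Assumption: every FROM starts again at `base_user`.
    """
    run_steps, user = [], base_user
    text = containerfile.replace("\\\n", " ")      # join continued lines
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        instr, arg = parts[0].upper(), (parts[1].strip() if len(parts) > 1 else "")
        if instr == "FROM":
            user = base_user                       # USER does not carry across stages
        elif instr == "USER":
            user = arg                             # applies to what follows in this stage
        elif instr == "RUN":
            run_steps.append((arg, user))
        # ENTRYPOINT/CMD only record metadata; their position relative to
        # USER does not change who runs them at runtime.
    return run_steps, user

def runtime_identity(image_user, assigned_uid=None):
    """Identity of the ENTRYPOINT/CMD process.

    assigned_uid=None models a plain engine (podman/docker): image USER applies.
    Otherwise it models OpenShift's default: the assigned UID replaces the
    image USER and the process is a member of the root group (GID 0).
    """
    if assigned_uid is None:
        return {"uid": image_user, "source": "image USER"}
    return {"uid": assigned_uid, "gid": 0, "source": "OpenShift-assigned"}

# Constructed sample Containerfile.
SAMPLE = """\
FROM registry.example/base AS build
RUN make install
FROM registry.example/base
RUN useradd appuser
ENTRYPOINT ["/app/server"]
USER appuser
RUN touch /tmp/built \\
    && echo done
CMD ["--port", "8080"]
"""

if __name__ == "__main__":
    steps, image_user = parse(SAMPLE)
    for cmd, user in steps:
        print(f"build: RUN as {user}: {cmd}")
    print("podman/docker:", runtime_identity(image_user))
    print("OpenShift    :", runtime_identity(image_user, 1000650000))
```

Because the assigned UID has no ownership over files created for `appuser`, images meant for OpenShift usually make writable paths owned by group 0 and group-writable.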
Nicely explained @Chetan_Tiwary_ .
@riemann Let us know in case you have any more questions.
Pleasure !