Run containers with non-root user


The article suggests the best practice for docker containers is to run with least privileged access wherever possible. To achieve this, for our deployments we’re wrapping the loraserver, app server and gateway in Dockerfiles that move the executable to the /home directory and set the user:group to nobody:nogroup.

For example:

FROM loraserver/loraserver:2.5.0
RUN mv /root/loraserver /home/
USER nobody:nogroup
ENTRYPOINT ["./loraserver"]

I wanted to see if that’s something the community would be open to adding to the base docker images. If so, I’d be happy to open PRs for that.