Docker Community Forums

Share and learn in the Docker community.

Using an explicit UID/GID


(Nixtty) #1

Hi,

The best practices page mentions the below:
(https://docs.docker.com/develop/develop-images/dockerfile_best-practices/#user)

Consider an explicit UID/GID
Users and groups in an image are assigned a non-deterministic UID/GID in that the “next” UID/GID is assigned regardless of image rebuilds. So, if it’s critical, you should assign an explicit UID/GID."

What is the significance of explicitly specifying the UID/GID?
Under what scenario allowing the system to assign the UID/GID does not provide sufficient security?

Explicitly specifying these values seem to have the downside of a leading to a situation in which the explicitly specified value (UID/GID) is already in use.

Thanks