Docker Community Forums

Using an explicit UID/GID

(Nixtty) #1


The best practices page mentions the below:

"Consider an explicit UID/GID
Users and groups in an image are assigned a non-deterministic UID/GID in that the “next” UID/GID is assigned regardless of image rebuilds. So, if it’s critical, you should assign an explicit UID/GID."

What is the significance of explicitly specifying the UID/GID?
Under what scenario does allowing the system to assign the UID/GID not provide sufficient security?

Explicitly specifying these values seems to have the downside of leading to a situation in which the explicitly specified value (UID/GID) is already in use.
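
Added example (not part of the original post, and not Docker's own code): a shell sketch of the "next" UID behaviour the quoted guidance describes, together with a build-time check for the collision raised above. The passwd contents, the `msgbus` account, the UID 10001 and the "first free UID from 100 upward" policy are constructed assumptions; real `useradd`/`adduser` policies differ in range and search order, but all depend on which accounts already exist.

```shell
#!/bin/sh
# Constructed /etc/passwd contents for two builds of the "same" image.
# In build B the base layer gained one extra account (hypothetical "msgbus").
PASSWD_A='root:x:0:0:root:/root:/bin/sh
daemon:x:1:1:daemon:/usr/sbin:/usr/sbin/nologin
_apt:x:100:65534::/nonexistent:/usr/sbin/nologin
nobody:x:65534:65534:nobody:/nonexistent:/usr/sbin/nologin'
PASSWD_B="$PASSWD_A
msgbus:x:101:101::/nonexistent:/usr/sbin/nologin"

# Model of automatic assignment (assumption): first unused UID >= $2.
next_free_uid() {
  printf '%s\n' "$1" | awk -F: -v uid="$2" '
    { used[$3] = 1 }
    END { while (uid in used) uid++; print uid }'
}

# Print the account name that already holds UID $2, or nothing if it is free.
uid_owner() {
  printf '%s\n' "$1" | awk -F: -v uid="$2" '$3 == uid { print $1; exit }'
}

# Explicit assignment with a collision check: print the UID if it is free,
# otherwise report the existing owner and fail so the build stops.
claim_uid() {
  owner=$(uid_owner "$1" "$2")
  if [ -n "$owner" ]; then
    echo "UID $2 already used by $owner" >&2
    return 1
  fi
  echo "$2"
}

# Automatic assignment follows whatever accounts exist at build time, so the
# application user gets a different number in each build. Files on a volume
# keep the numeric owner they were written with.
echo "auto, build A: $(next_free_uid "$PASSWD_A" 100)"
echo "auto, build B: $(next_free_uid "$PASSWD_B" 100)"

# An explicit UID stays the same across both builds.
echo "explicit, build A: $(claim_uid "$PASSWD_A" 10001)"
echo "explicit, build B: $(claim_uid "$PASSWD_B" 10001)"

# The "already in use" case is detected instead of silently shared.
claim_uid "$PASSWD_B" 101 || echo "collision caught at build time"
```
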