Is it safe to run OpenJDK images like Eclipse Temurin as root?

Question

I noticed that the examples for running the Eclipse Temurin Docker images run the images as root and not as non-root user.

I thought it always would be better to run Docker images as non-root user?

Is it safe to run the Temurin images as root? (For example in a Azure K8s cluster?)

If not, which user should I use? Uid 65534 (nobody)? Or should I create a new user?

score 1 · Accepted Answer · edited Sep 19 '22 at 07:39

1

I found out that using the user nobody with uid 65534 works quite fine.

Now my Dockerfile looks like this:

FROM eclipse-temurin:17-jre-alpine
ARG JAR_FILE=target/*.jar

RUN mkdir /home/nobody
WORKDIR /home/nobody

COPY ${JAR_FILE} app.jar

USER 65534

...

edited Sep 19 '22 at 07:39

isnot2bad

answered Jun 20 '22 at 14:10

Datz

1 Answers1