How to run Nextcloudpi Docker Container/Image with Non-Root User

#1

Is there a way to run the Nextcloudpi Docker Container with a non-root user inside the container?
One way could be to create your own image based on the original and add a default user. Which folders and files must be changed with the chown command (to a default user) so that the container also runs with a default user?
Thank you.

#2

I usually add myself to the docker group, in order for me to run docker without sudo.

But assuming that is not what you mean, for what reason or purpose do you want a non-privileged user to run inside the container?

#3

I know, I will do it as well. But being a member of the docker group, it is possible to get root access on the host through privilege elevation by starting a container with a root user inside (default) and mounting “/”. But this is not what I mean. In the CIS_Docker_Community_Edition_Benchmark_v1.1.0, Chapter 4.1, its recommendation says: “Create a non-root user for the container in the Dockerfile for the container image”. As well, the Docker security docs say: “Docker containers are, by default, quite secure; especially if you run your processes as non-privileged users inside the container”.

We also use this at my work and I just wanted to know if it is easy to build a new image from the original with a default user added. For this I need to know which files and folders inside the container/image have to be “chowned” to the default user.
If this is difficult and too expensive I will work only with the user namespaces. “This feature allows for the root user in a container to be mapped to a non uid-0 user outside the container, which can help to mitigate the risks of container breakout”.

But I am not really sure if it is the same as adding a default user in the dockerfile.
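
On the comparison raised in post #3 between a Dockerfile `USER` and user namespaces, here is an added example (not part of the thread and not Nextcloudpi code) that resolves which host UID a container process ends up with in each setup, using the kernel's `uid_map` format. The subuid range `100000:65536` and UID `1000` are constructed sample values.

```python
"""Compare a Dockerfile USER with user-namespace remapping by resolving
the host UID a container process really runs as."""

# /proc/<pid>/uid_map format: "<uid inside ns> <uid outside ns> <length>" per line.
IDENTITY_MAP = "0 0 4294967295"   # no user namespace (Docker default)
REMAPPED_MAP = "0 100000 65536"   # constructed sample: userns-remap, subuid 100000:65536


def parse_uid_map(text):
    """Return a list of (inside_start, outside_start, length) tuples."""
    ranges = []
    for line in text.strip().splitlines():
        inside, outside, length = (int(field) for field in line.split())
        ranges.append((inside, outside, length))
    return ranges


def host_uid(uid_map_text, container_uid):
    """Translate a UID seen inside the container to the UID the host kernel uses.
    Returns None when the UID has no mapping in the namespace."""
    for inside, outside, length in parse_uid_map(uid_map_text):
        if inside <= container_uid < inside + length:
            return outside + (container_uid - inside)
    return None


def assess(container_uid, uid_map_text):
    """Summarise who the process is inside the container and on the host."""
    mapped = host_uid(uid_map_text, container_uid)
    return {
        "root_in_container": container_uid == 0,
        "host_uid": mapped,
        "root_on_host": mapped == 0,
    }


if __name__ == "__main__":
    cases = {
        "default image, no remap": (0, IDENTITY_MAP),
        "USER 1000 in Dockerfile, no remap": (1000, IDENTITY_MAP),
        "default image, userns-remap": (0, REMAPPED_MAP),
        "USER 1000 + userns-remap": (1000, REMAPPED_MAP),
    }
    for name, (uid, uid_map) in cases.items():
        print(f"{name:36} {assess(uid, uid_map)}")
```

The two measures act at different layers: `USER` removes root inside the container, while remapping leaves root inside the container but makes it an unprivileged UID on the host. On a live host the map text can be read from `/proc/<pid>/uid_map` of the container's process.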