Why should I run custom images as sagemaker-user?

[peter-wimsey]

The examples in this repo and the image configuration in SageMaker Studio assume that custom images are run as user sagemaker-user with UID 1000 and GUID 100.

However, at least some of SageMaker's own images (Data Science and PyTorch for example, have not tested all) run as root.

Running as something other than root makes installing into the kernel image at runtime difficult:

$ pip install some-package
Defaulting to user installation because normal site-packages is not writeable
...

and I end up with files in the user's home directory where they don't get cleaned up.

Why should I not just run as root like SageMaker's built-in images?

[otmcevoy]

A few years late but adding a comment in case it's helpful, while reading some documentation I stumbled across this:

GID/UID limits
Amazon SageMaker Studio Classic only supports the following DefaultUID and DefaultGID combinations:

DefaultUID: 1000 and DefaultGID: 100, which corresponds to a non-priveleged user.

DefaultUID: 0 and DefaultGID: 0, which corresponds to root access.

So I think the SageMaker built in images must be setting the IDs to 0 which grants the users root access. These examples set the IDs to 1000/100, which could be useful if you wanted more fine-grained permission controls and to limit the administrative capabilities of common users.