ewolff / microservice

Sample of a Microservice setup for my book. Based on Spring Cloud / Netflix / Java / Docker / Docker Compose / Docker Machine / Vagrant
Apache License 2.0

Don’t run docker processes as root user #21

Closed nikos closed 4 years ago

nikos commented 7 years ago

Inspired by Halil-Cem's talk about Docker best practices today at BedCon, I would suggest to give it a try and see whether the Java processes for each of the Spring Boot microservice applications could run as a non-root user to avoid potential security traps.

See also:

ewolff commented 7 years ago

Thanks a lot for the suggestion! The main goal of this as well as the other demos is to make it as easy as possible to run the demo. It seems that I would need to create a user in the host operating system. I am not even sure how that works if you run Docker on Mac / Windows. In other words: Any idea what needs to be done except for the USER in the Dockerfile - in particular concerning the configuration of the host?

ewolff commented 4 years ago

While I do see the point, I decided not to implement the suggestion. The demo is not meant to be production-ready. Instead it should be easy to run and understand. I made other compromises, too - e.g. all microservices are built with one single build script.
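
For readers who want to see what the suggestion in this issue looks like in practice, here is an added example of a Dockerfile that runs a Spring Boot jar as a non-root user; it is not taken from this repository or written by anyone in the thread. The base image, jar path, user name, UID and port are assumptions. The user is created inside the image, so nothing has to be configured on the Docker host, including on Mac or Windows.

```dockerfile
# Added example, not the project's Dockerfile.
# Assumptions: base image, jar path (target/app.jar), user "app", UID/GID 10001.
FROM eclipse-temurin:17-jre

# Create an unprivileged system user and group inside the image.
# USER below resolves against the image's own /etc/passwd, not the host's.
RUN groupadd --system --gid 10001 app \
 && useradd --system --uid 10001 --gid app \
            --no-create-home --shell /usr/sbin/nologin app

WORKDIR /app

# Leave the jar owned by root and read-only for everyone else, so the
# running process can read it but cannot overwrite its own code.
COPY target/app.jar /app/app.jar
RUN chmod 0444 /app/app.jar

# 8080 is Spring Boot's default port; the service's real port is an assumption.
EXPOSE 8080

# Everything from here on, including the Java process, runs unprivileged.
# A numeric UID:GID lets orchestrators verify the user is not root.
USER 10001:10001

ENTRYPOINT ["java", "-jar", "/app/app.jar"]
```

`docker inspect --format '{{.Config.User}}' <image>` shows the user an image is configured to run as; an empty value means root.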