Docker Security Best Practices | Run Containers as Non-Root User

DevOps Labs — Real-World Docker Security That Engineers Must Know

Author

Arbaz M
September 30, 2025

🎯 Why Docker Security Matters

By default, many Docker containers run as root.

That means if your app gets compromised, the attacker instantly gets root privileges inside the container — and sometimes even on the host.

This isn’t just theory. In production, root containers are one of the most common security misconfigurations DevOps engineers make.

The fix? Run your apps as a non-root user inside Docker.

▶️ What You’ll Learn in This Video

In this step-by-step hands-on demo, I break down: https://youtu.be/klbgi1d1UpY

📌 Why Root Containers Are Dangerous

  • Risk of privilege escalation

  • Why attackers love root containers

📌 Hands-On Setup

  • Writing a Dockerfile with a non-root user

  • Running the app inside the container

📌 Debugging Permissions

  • Run as non-root → ❌ permission denied when binding to port 80

  • Why Linux requires root for ports <1024

📌 The Fix

  • Use higher ports (e.g., 5000)

  • Or grant specific Docker capabilities instead of full root

📌 Best Practices

  • Always use USER in your Dockerfile

  • Run apps on non-privileged ports

  • Keep security checks in your CI/CD pipeline

👉 Watch the full video here: https://youtu.be/klbgi1d1UpY
👉 Get 24+ reproducible DevOps labs + future guides by subscribing:
learnwithdevopsengineer.beehiiv.com/subscribe

🛠 Takeaway Example Command

❓ How do you run an app inside a Docker container as non-root?

✅ Answer: 

# Create user
RUN useradd -m appuser

# Switch to non-root
USER appuser

# Expose high port
EXPOSE 5000

💡 If you try to bind port 80 as non-root → ❌ permission denied.

💡 Why This Guide Stands Out

  • Real-world focus → I don’t just explain; I simulate permission errors.

  • Debug-driven → You’ll see what breaks and how to fix it.

  • Production-ready → By the end, you’ll know how to secure your containers like an engineer, not just run them.

This isn’t theory — it’s security you’ll actually use in production.

👋 Final Note

If you enjoyed this breakdown, hit subscribe to my newsletter.
Every week I share real DevOps outages, interview prep, and hands-on labs you can reproduce — so you’ll never be caught off guard in production.