Docker Non-Root Best Practices Cheat Sheet

Last Updated: November 21, 2025

Focus Areas

Focus
`Create non-root user`
Limit capabilities with `--cap-drop`


         adduser --disabled-password appuser

Create user


         docker build --cap-drop=ALL

Build secure


         docker run --user appuser

Run

Non-root containers shrink attack vectors.

💡 Pro Tip: Combine Dockerfile `USER` with Linux permissions.