CV0-004 · Question #275
CV0-004 Question #275: Real Exam Question with Answer & Explanation
The correct answer is B: Add USER myapp to the Dockerfile and rebuild the container.. By adding USER myapp to the Dockerfile, the container will run processes as the specified non- root user instead of the default root user. This ensures that any files created inside the container, including those in /project-files, are owned by myapp rather than root. Running con
Question
An application that is running on containers writes files to the operating system after processing data. The produced output files are stored under /project-files owned by root. A cloud engineer needs to make sure no output files are owned by root. Which of the following actions should the engineer take to best achieve this objective?
Options
- AMount the volume in Docker using --user=myapp.
- BAdd USER myapp to the Dockerfile and rebuild the container.
- CRun chown myapp:myapp /project-files with cron every minute.
- DModify the container application to execute sudo -u myapp myapp.
Explanation
By adding USER myapp to the Dockerfile, the container will run processes as the specified non- root user instead of the default root user. This ensures that any files created inside the container, including those in /project-files, are owned by myapp rather than root. Running containers as a non-root user is also a best practice for security.
Topics
Community Discussion
No community discussion yet for this question.