Use -l with useradd

This product is not supported for your selected Datadog site. ().
이 페이지는 아직 영어로 제공되지 않습니다. 번역 작업 중입니다.
현재 번역 프로젝트에 대한 질문이나 피드백이 있으신 경우 언제든지 연락주시기 바랍니다.

Metadata

ID: docker-best-practices/useradd-l-flag

Language: Docker

Severity: Warning

Category: Best Practices

Description

When building Docker images, using useradd -l ensures that the new user is created without adding entries to system login tracking files like /var/log/lastlog or /var/log/faillog. These files are irrelevant in containers since they don’t persist user sessions or keep login histories, and in minimal images they may not even exist, which can lead to errors or unnecessary file creation during build.

This makes your image smaller, cleaner, and more reliable. Since containers are designed to run processes rather than serve as full login environments, disabling login record tracking speeds up builds, avoids warnings, and follows best practices for lightweight, secure Docker images.

Non-Compliant Code Examples

RUN useradd -u 123456 foobar

Compliant Code Examples

RUN useradd -l -u 123456 foobar
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

원활한 통합. Datadog Code Security를 경험해 보세요

Datadog Code Security