Accenture: Insecure Container with Root User — DevOps Interview Q&A (2026)

All Questions Essential 0/100

55. Insecure Container with Root User

Beginner Mode

Start your terminal to use beginner mode.

Scenario

A Dockerfile at /home/interview/Dockerfile builds a Python web application tagged as myapp:secure. The container runs as the root user (UID 0) with extensive Linux capabilities, violating the principle of least privilege.

Task

Harden the Dockerfile by creating a non-root user appuser with UID 10001, switching to that user for application execution, ensuring application files have appropriate permissions, rebuilding the image with the tag myapp:secure, and verifying the container runs with reduced privileges while maintaining full functionality.

Example

# Before (running as root)

uid=0(root) gid=0(root) groups=0(root)

# After (running as non-root user)

uid=10001(appuser) gid=10001(appuser) groups=10001(appuser)

Reduced capability set present

Application responds with non-root user confirmation

curl http://localhost:5000/health
Response: {"status":"healthy","uid":10001,"user":"appuser"}

Step 1: Check the current user ID

docker run --rm myapp:secure id

Shows UID 0 (root) by default. Docker containers run as root unless explicitly configured otherwise.

Step 2: Edit the Dockerfile to add non-root user

nano /home/interview/Dockerfile

Examine the file and add non-root user creation. The USER instruction must come after operations requiring root privileges (like apt-get, chown):

FROM python:3.11-slim

WORKDIR /app

COPY requirements.txt .
RUN pip install --no-cache-dir -r requirements.txt

COPY app/ /app/

# Create non-root user with specific UID/GID
RUN groupadd -r -g 10001 appuser && \
    useradd -r -u 10001 -g appuser appuser

# Give ownership to non-root user
RUN chown -R appuser:appuser /app

# Switch to non-root user
USER appuser

EXPOSE 5000

CMD ["python", "main.py"]

Save and exit (Ctrl+O, Enter, Ctrl+X). UID 10001 avoids conflicts with system users (0-999).

Step 3: Build the hardened image

docker build -t myapp:secure .

Rebuilds the image with the non-root user configuration.

Step 4: Verify non-root user

docker run --rm myapp:secure id

Should show UID 10001 (appuser), not 0 (root).

Step 5: Check username

docker run --rm myapp:secure whoami

Should show "appuser", confirming the USER instruction worked.

Step 6: Test application functionality

docker run -d -p 5000:5000 --name myapp-test myapp:secure

Starts the container as non-root user.

Step 7: Verify application responds

curl http://localhost:5000/health

Tests that the application works correctly as non-root.

Terminal requires a larger screen

Open this page on a desktop or tablet (≥ 768px) to launch the terminal and practice hands-on.

Linux Terminal Environment

Write and execute your solution in the terminal below.

Essential

Linux 0/29

AWS 0/10

Kubernetes 0/15

CI/CD 0/5

Networking 0/9

Question	Difficulty	Company	Access
Create AWS IAM Admin User with Group and Policy	Easy	Accenture	Free
Create IAM Role for EC2 with Full IAM Access	Easy	Coinbase	Free
Create a Hello World Lambda Function	Easy	Adobe	Free
Launch an EC2 Web Server Instance	Easy	EPAM	Free
Design Egress Only VPC with NAT	Medium	Twitch	Free
Audit and Enforce Least-Privilege IAM Permissions	Easy	Amazon	Free
Create Route 53 Hosted Zone and DNS Records	Easy	Kayak	Free
Create Route 53 Health Checks	Easy	Autodesk	Free
Build a Serverless API with Lambda, API Gateway, and DynamoDB	Hard	Amazon	Free
Deploy an Internal Web App with VPC, EC2, ALB, and Route 53	Hard	Lyft	Free
Managing High I/O Processes	Easy	Revolut	Free
Analyzing Log Partition Usage	Medium	RedHat	Free
Using Unmounted Partitions	Medium	RedHat	Free
Tracing Log File Writes	Easy	Bloomberg	Free
Port Conflict Resolution	Easy	Datadog	Free
Diagnose Nginx CPU Bottleneck	Easy	Palantir	Free
Debug SSH Lockout	Medium	TCS	Free
Monitoring Process Ownership	Medium	HashiCorp	Free
Rapid Disk Growth on /var	Hard	Google	Free
Detect Memory Leak by Monitoring RSS	Medium	Google	Free
Fix Inode Exhaustion Issue	Medium	DeutscheBank	Free
Fix HTTPS Certificate Error	Medium	GitHub	Free
Real-Time Log Timestamping	Medium	Adobe	Free
Manage Service Failure Recovery	Hard	Apple	Free
Nginx Rate Limit Calculation	Hard	Cloudflare	Free
Update Cloud Configs	Medium	Stripe	Free
Automated Archive and Retention	Hard	Microsoft	Free
Trace Process Service Ownership	Hard	NVIDIA	Free
Handling Large Log Archives	Easy	Amazon	Free
Upload-Safe File Partitioning	Medium	GoDaddy	Free
Fix Port Exhaustion for High-Speed Scraper	Medium	X	Free
Validating Network Routes	Medium	Google	Free
Validating DNS Consistency	Easy	SAP	Free
Network Packet Loss Diagnosis	Easy	Cloudflare	Free
Network Port Service Cleanup	Easy	Apple	Free
Temporary Route Configuration	Easy	Spotify	Free
Inspecting HTTP Traffic Flow	Medium	Airbnb	Free
Network Socket Usage Analysis	Easy	SAP	Free
Forward Traffic Between Ports	Medium	Meta	Free
Crashing Misconfigured Pod	Medium	Reddit	Free
Image Pull BackOff and Secrets	Medium	Datadog	Free
CronJob Schedule Misconfiguration	Medium	RedHat	Free
Traffic Splitting with Native Kubernetes	Medium	Adobe	Free
ConfigMap Reload with Sidecar	Medium	Yelp	Free
Implement StatefulSet with Stable DNS	Medium	Okta	Free
StorageClass and PVC Expansion	Medium	Datadog	Free
OOMKilled Pod Analysis & Fix	Medium	Accenture	Free
Secure Internal Service Communication	Medium	Dropbox	Free
CRD Schema Validation	Hard	Slack	Free
Dynamic Volume Expansion	Easy	EPAM	Free
Custom Resource Definition Setup	Medium	ActivisionBlizzard	Free
Create Namespace	Easy	Accenture	Free
Pod with Readiness Probe	Easy	Zscaler	Free
Pod Viewer Access	Easy	Reddit	Free
Insecure Container with Root User	Medium	Accenture	Free
Macvlan Network Configuration Fix	Hard	Uber	Free
Container CPU Limit Configuration	Easy	IBM	Free
Memory Limit and OOM Killer	Medium	DeliveryHero	Free
Graceful Shutdown with SIGTERM Handling	Medium	Robinhood	Free
Log Rotation Size Limit Configuration	Easy	DeliveryHero	Free
Docker Multi-Architecture Image	Easy	Accenture	Free
Docker Binary Architecture	Easy	Adobe	Free
Docker Storage Driver Performance	Medium	GitHub	Free
Docker Volume Cross-Platform Consistency	Easy	GitLab	Free
Optimize Dockerfile	Medium	Shopify	Free
Rebase Feature Branch onto Correct Base	Easy	Samsung	Free
Restore File to Previous Version	Medium	Slack	Free
Convert Remote from HTTPS to SSH	Easy	EPAM	Free
Rebase Feature Branch	Easy	GitHub	Free
Stash Work, Fix Bug, Restore and Update	Medium	IBM	Free
Remove Last Commit and Discard Changes	Easy	GitLab	Free
Shallow Clone Limited to Latest Commit	Easy	Elastic	Free
Checkout Single File from Another Branch	Easy	Twilio	Free
Remove File from Entire Git History	Medium	Netflix	Free
Merge Repositories Preserving Both Histories	Medium	Zscaler	Free
Fix Repository with Unrelated Histories	Medium	Zscaler	Free
Stage Only Specific Files	Easy	CrowdStrike	Free
Undo Commits but Keep Changes	Easy	CrowdStrike	Free
Cherry-Pick Specific Commit	Easy	Ubisoft	Free
Recover Lost Commits from Detached HEAD	Medium	Kayak	Free
Docker Image Tagging with Commit SHA	Medium	Microsoft	Free
Matrix Build Strategy	Medium	Spotify	Free
Multi-Job Workflow with Artifact Handoff	Medium	Anthropic	Free
Path-Based Workflow Execution	Medium	Coinbase	Free
Automated Rollback on Deployment Failure with Values File Restoration	Medium	NVIDIA	Free
Two Sum	Easy	Cloudflare	Free
Valid Palindrome	Easy	Capital One	Free
Best Time to Buy and Sell Stock	Easy	Palantir	Free
Valid Parentheses	Easy	Splunk	Free
Binary Search	Easy	Intel	Free
Group Anagrams	Medium	Netflix	Free
Top K Frequent Elements	Medium	Cloudflare	Free
Product of Array Except Self	Medium	Samsung	Free
Valid Sudoku	Medium	AMD	Free
Longest Consecutive Sequence	Medium	Meta	Free
Two Sum II - Input Array Is Sorted	Medium	Databricks	Free
Container With Most Water	Medium	Amazon	Free
Search a 2D Matrix	Medium	SAP	Free
Contains Duplicate	Easy	Apple	Free
Valid Anagram	Easy	Anthropic	Free

Need more practice in this area? Explore more questions →