Docker on Amazon Web Services

Creating an application user

The next step is to create an application user that our application will run as. By default, Docker containers run as root, which is fine for test and development purposes. In production, however, even with the isolation mechanisms that containers provide, it is still considered best practice to run your containers as a non-root user:

# Test stage
...
...
# Release stage
FROM alpine
LABEL application=todobackend

# Install operating system dependencies
RUN apk add --no-cache python3 mariadb-client bash

# Create app user
RUN addgroup -g 1000 app && \
    adduser -u 1000 -G app -D app

In the preceding example, we first create a group named app with a group ID of 1000, and then create a user called app with a user ID of 1000, which belongs to the app group.
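Creating the user does not change who the container runs as; the image only runs as app once the final stage sets it with a USER instruction. The following check is an added example, not code from the book: it reads a multi-stage Dockerfile and reports the user of the last stage. The function names, the `AS test` alias and the `USER app` line in the constructed sample are assumptions.

```python
import re

# Constructed sample: the release stage from the text, with a USER line appended
# (assumption: the excerpt stops before any USER instruction).
SAMPLE = """\
# Test stage
FROM alpine AS test
RUN apk add --no-cache bash

# Release stage
FROM alpine
LABEL application=todobackend
RUN addgroup -g 1000 app && \\
    adduser -u 1000 -G app -D app
USER app
"""

def instructions(text):
    """Yield (keyword, args), joining backslash continuations and skipping comments."""
    pending = ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.endswith("\\"):
            pending += line[:-1] + " "
            continue
        keyword, _, args = (pending + line).partition(" ")
        pending = ""
        yield keyword.upper(), args.strip()

def final_stage_user(text):
    """Return the USER of the last stage, or None if that stage never sets one."""
    stages, user, alias = {}, None, None   # stages: alias -> user at end of stage
    for keyword, args in instructions(text):
        if keyword == "FROM":
            if alias:
                stages[alias] = user
            m = re.match(r"(?:--\S+\s+)*(\S+)(?:\s+[Aa][Ss]\s+(\S+))?", args)
            base, alias = m.group(1), m.group(2)
            user = stages.get(base)   # inherit only from an earlier named stage
        elif keyword == "USER":
            user = args
    return user

def runs_as_root(text):
    """True if the final stage sets no USER (base image assumed to default to root) or root/0."""
    user = final_stage_user(text)
    return user is None or user.split(":")[0].lower() in {"root", "0"}
```

A `None` result means the image falls back to whatever user the base image declares, which for alpine is root.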