This repository has been archived by the owner on Aug 26, 2021. It is now read-only.

Do not use root user in Docker container #131

Open
TheAssassin opened this issue Jul 17, 2020 · 2 comments
Labels
enhancement New feature or request

Comments

@TheAssassin

Docker containers running processes as root are not recommended for various security reasons. Please change your container so it runs with a non-privileged user by default.

As far as I can see, the only reason it requires root is because Apache2 wants to listen on port 80. Many other Docker containers successfully made theirs listen on a port > 2^10 (1024), which then allows for running it with a regular user.

@eerotal
Owner

eerotal commented Jul 18, 2020

This sounds like a good idea; however, the default way of running apache2 on pretty much all systems, including the php+apache2+debian container I'm using, is to run the master process as root. The master process then spawns child processes that handle web requests. These child processes are not run as root. The master process requires root privileges because it needs to read various configuration and certificate files owned by root and because it usually needs to bind on port 80. I don't really see a reason to run a web server on a port other than 80 or 443 either.

I think I could modify the container to run apache2 as a non-root user, but it's not necessarily a trivial thing to do.

@eerotal eerotal added the enhancement New feature or request label Jul 25, 2020
@TheAssassin
Author

There are a few examples of this kind of deployment in other Docker images, but mostly for nginx and php-fpm. Not sure how much work it would be for Apache2.
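
A check for the two conditions raised in this thread, root as the container's runtime user and Apache bound to a port below 1024, written as an added example that is not code from this repository or from either participant. The Dockerfile and Apache snippets, the image name and the function names are constructed for illustration, and a base image that declares no `USER` is assumed to run as root.

```python
import re

# Linux kernel default floor for unprivileged ports
# (net.ipv4.ip_unprivileged_port_start); a runtime may lower it.
PRIVILEGED_BELOW = 1024

# Constructed sample inputs; the image name is a placeholder.
BEFORE_DOCKERFILE = "FROM example/php-apache-debian\nCOPY . /var/www/html\n"
BEFORE_CONF = "Listen 80\n"
AFTER_DOCKERFILE = BEFORE_DOCKERFILE + "USER www-data\nEXPOSE 8080\n"
AFTER_CONF = "#Listen 80\nListen 8080\n"

# Matches "Listen 80", "Listen 0.0.0.0:80", "Listen [::]:443 https".
LISTEN = re.compile(r"^\s*Listen\s+(?:\S+:)?(\d+)\b", re.I | re.M)

def final_user(dockerfile):
    """User of the last build stage. Assumption: a base image that
    declares no USER runs as root."""
    user = "root"
    for line in dockerfile.splitlines():
        parts = line.split()
        if len(parts) < 2:
            continue
        if parts[0].upper() == "FROM":
            user = "root"  # new stage: treated as root again (assumption)
        elif parts[0].upper() == "USER":
            user = parts[1].split(":")[0]  # drop the optional :group
    return user

def listen_ports(apache_conf):
    """Ports from active Listen directives (commented lines are skipped)."""
    return [int(p) for p in LISTEN.findall(apache_conf)]

def audit(dockerfile, apache_conf):
    """Return a list of findings; an empty list means both checks pass."""
    findings = []
    if final_user(dockerfile) in ("root", "0"):
        findings.append("final stage runs as root: add a non-root USER")
    low = [p for p in listen_ports(apache_conf) if p < PRIVILEGED_BELOW]
    if low:
        findings.append(f"Listen on privileged port(s) {low}: use 1024 or above")
    return findings

if __name__ == "__main__":
    for name, df, conf in (("before", BEFORE_DOCKERFILE, BEFORE_CONF),
                           ("after", AFTER_DOCKERFILE, AFTER_CONF)):
        print(name, audit(df, conf) or "ok")
```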
