DL3046

`useradd` without flag `-l` and high UID will result in excessively large Image

Problematic code:

RUN useradd -u 123456 foobar

Correct code:

RUN useradd -l -u 123456 foobar

Rationale:

Without the -l or the --no-log-init flag, useradd will add the user to the lastlog and faillog databases. This can result in the creation of logically large (sparse) files under /var/log, which in turn unnecessarily inflates container image sizes. This is due to the lack of support for sparse files in overlay filesystems. For what it's worth, this behavior becomes more apparent with longer UIDs, resulting in a few megabytes of extra image size with a six digit UID, up to several gigabytes of excessive image size with even longer UIDs. Disabling this functionality from useradd has minimal disadvantages in a container but saves space and build time.

DL3046

useradd without flag -l and high UID will result in excessively large Image

Problematic code:

Correct code:

Rationale:

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Uh oh!

Clone this wiki locally

`useradd` without flag `-l` and high UID will result in excessively large Image