Add user to conatiner, so that ffmpeg does not run as root

[trbntwo]

Hello,

would it be possible to add users to in the container files so that ffmpeg is not run as root user in the container?

This should increase security, as another abstraction layer and is generally one of the best practices as far as container building is concerned.

For images based on distributions, it should be possible to add a user via

RUN useradd

in the final image.

And for scratch images, you could either

RUN useradd 

in the image which compiles ffmpeg and then

COPY --from=build /etc/passwd /etc/

to the final image, or a cleaner way, in my opinion, would be to write a small passwd file of your own (something like this:)

ffmpeg:x:999:999::/ffmpeg:

and then

COPY ./path/to/passwd/in/repo /etc/