SQL Server 2019 containers makes it easier and simpler to work with data, and monthly preview releases offer the latest innovation and improvements. In addition to feature additions and performance improvements, we are also going to make SQL Server 2019 containers safer by starting the SQL Server process as a non-root user by default.
The application process within most Docker containers is running as a root user meaning the process has root privileges within the container user space. The root user within the container is also the same root (uid 0) on the host machine, and if the user can break out of the container, they would have root permissions on the host. Running as root is convenient for development, testing and CI/CD use cases but for production use cases, it is safest to run SQL Server as a non-root process within the container. In this blog, we’re going to share with you how you can preview this upcoming improvement by creating your own non-root SQL Server container.
Follow the steps below to build a SQL Server 2019 container that starts up as the mssql user.
docker build -t 2019-latest-non-root https://aka.ms/mssql2019-non-root
docker run -e "ACCEPT_EULA=Y" -e "SA_PASSWORD=MyStrongP@ssword" --name sql1 -p 1433:1433 -d 2019-latest-non-root
docker exec -it sql1 bash
As containers improve the way we develop, deploy and run SQL Server, it is important that we are using the best security practices in production. Non-root SQL Server 2019 containers will enable you to run workloads safer in production.
Check out our docs on how you can learn more about working with SQL Server containers permissions at
You must be a registered user to add a comment. If you've already registered, sign in. Otherwise, register and sign in.