CompTIA Cloud+ (CV0-004) — Question 72
An application that is running on containers writes files to the operating system after processing data. The produced output files are stored under /project-files owned by root. A cloud engineer needs to make sure no output files are owned by root. Which of the following actions should the engineer take to best achieve this objective?
Answer options
- A. Mount the volume in Docker using --user=myapp.
- B. Add USER myapp to the Dockerfile and rebuild the container.
- C. Run chown myapp:myapp /project-files with cron every minute.
- D. Modify the container application to execute sudo -u myapp myapp.
Correct answer: B
Explanation
The correct answer is B: adding 'USER myapp' to the Dockerfile makes the application process run as the specified user, so the output files it writes are owned by myapp instead of root. Option A would only set the user for the volume mount, not for the entire container. Option C does not prevent root ownership at the point of file creation (files are still created as root) and is inefficient. Option D relies on sudo, which is not ideal within a containerized environment.