Is there a way to have Flows run as a different Linux user (as in, not

root

?)

How would you do it without Prefect?

I guess

su <user>

? (I feel like I tried doing that with the Bash Task before and it not quite working though?)

What is your agent? Maybe you can try as entrypoint? Sounds like it can’t be done though

Am looking here for any keyword that might help but not seeing any

you could specify the USER in your Dockerfile before building and pushing your image to ECR:

FROM prefecthq/prefect:latest
COPY requirements.txt .
RUN pip install -r requirements.txt
USER 1000:1000

Tried that, actually! No luck 😞

could you elaborate a bit more on what do you mean by no luck? can you walk us step by step on how you build the image and how you test which user runs processes in the container?

So, I tried having a line of

USER <number>

in the Dockerfile, but it still winds up creating certain files (generated by some internal code) in a way that makes them only usable by

root

Thanks for more details. Doing only

USER <number>

in the Dockerfile doesn't include the user group - can you try adding both user and user group? e.g. USER 1000:1000