hadolint/DL3046

useradd without flag -l and high UID will result in excessively large image.

Property	Value
Severity	Warning
Category	Performance
Default	Enabled
Auto-fix	Yes (`--fix`)

Description

Without the -l or --no-log-init flag, useradd will add the user to the lastlog and faillog databases. This can result in the creation of logically large (sparse) files under /var/log, which inflates container image sizes due to the lack of support for sparse files in overlay filesystems.

Examples

Problematic code

RUN useradd -u 123456 foobar

Correct code

RUN useradd -l -u 123456 foobar

Auto-fix

Inserts -l flag after useradd when UID is greater than 99999 and -l/--no-log-init is not already present.

# Before
RUN useradd -u 100001 appuser

# After (with --fix)
RUN useradd -u 100001 -l appuser

Reference

hadolint/DL3046

Overview

Security

Correctness

Performance

Style

GPU / CUDA

PHP

PowerShell

Windows

BuildKit Rules

Hadolint Rules

ShellCheck Rules

hadolint/DL3046

Description

Examples

Problematic code

Correct code

Auto-fix

Reference

Overview

Security

Correctness

Performance

Style

GPU / CUDA

PHP

PowerShell

Windows

BuildKit Rules

Hadolint Rules

ShellCheck Rules

​Description

​Examples

​Problematic code

​Correct code

​Auto-fix

​Reference

Description

Examples

Problematic code

Correct code

Auto-fix

Reference