Is this correct? A random user ID can delete a file owned by root?
docker run -ti -u 1001 debian:stretch
I have no name!@2af53be18a40:/$ rm -f /etc/passwd
I have no name!@2af53be18a40:/$ ls /etc/passwd
ls: cannot access '/etc/passwd': No such file or directory
I think this used to work (i.e. permission denied), although I haven't tried that exact sequence of commands in the past. The results above are from
Docker version 1.12.2, build bb80604 running on Stretch.