Found useradd without -l flag DOK-P1004

Without the -l or the --no-log-init flag, useradd will add the user to the lastlog and faillog databases. This can result in the creation of logically large (sparse) files under /var/log, which in turn unnecessarily inflates container image sizes. This is due to the lack of support for sparse files in overlay filesystems. For what it's worth, this behavior becomes more apparent with longer UIDs, resulting in a few megabytes of extra image size with a six-digit UID, up to several gigabytes of excessive image size with even longer UIDs. Disabling this functionality from useradd has minimal disadvantages in a container but saves space and build time.

Bad Practice

RUN useradd -u 123456 foobar

Recommended

RUN useradd -l -u 123456 foobar

Exception:

The Debian/Ubuntu adduser wrapper does not support this flag.

References:

• Bug report for the Go archive/tar package’s handling of sparse files.
• Docker's best practices guidelines for the USER command.