I am starting to investigate https://hub.docker.com/r/trampgeek/jobeinabox
And, this is pretty much the first thing I have done with Docker, so please excuse my ignorance.
Why set a root password in the Dockerfile? Thanks.
In my understanding, the absence of a root password in Ubuntu prevents anyone logging in as root, so it improves the security. The only path to running commands as root is sudo, which is tightly locked down by the sudoers file. In Jobe, only the webserver can use sudo and then only with 4 very specific commands required for control of a jobe task.
Can your contact give us an example of an exploit that is enabled by the absence of a root password, please?