
Improve security of container #620

Closed
wants to merge 1 commit into from

Conversation

@kazan417
Use USER directive according to docker best practice. Run as non root. Required for OpenShift container certification.

Use USER directive according to docker best practice.
Run as non root. Required for OpenShift container certification.
@grooverdan (Member)

There are UBI images that run with a USER directive because of OpenShift container certification requirements. See #598.

There are no docker best practices around the use of USER. The root user is low privileged within a container.

Why does it run as root? See this FAQ.

I recommend looking at #287 / #256. Root is used to change the ownership of VOLUME files, but otherwise it changes quickly to mysql to continue. --user mysql will work, provided the ownership of the volume is right, which is runtime dependent.

Normally a blank volume is writeable by root, which is really odd with a USER directive in the container because who realistically is going to write to it? VOLUMES aren't intended to be read only.
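The ownership precondition described in the comment above can be checked before starting the container. The following pre-flight script is an added example for this discussion, not code from this PR or from the MariaDB docker project. It assumes the in-image mysql user is uid/gid 999 (an assumption; confirm with `docker run --rm <image> id mysql`), and it mirrors the entrypoint's behaviour in that it only chowns when it is itself root; when run unprivileged with a wrongly owned directory, it refuses rather than starting a `--user` container that would fail later.

```shell
#!/bin/sh
# Pre-flight check for running a MariaDB container with --user against a
# bind-mounted data directory. Added example; not part of the MariaDB image.
set -eu

MYSQL_UID="${MYSQL_UID:-999}"   # assumed in-image uid of the mysql user
MYSQL_GID="${MYSQL_GID:-999}"   # assumed in-image gid of the mysql group

# owner_uid DIR / owner_gid DIR: print numeric owner (GNU stat, BSD fallback).
owner_uid() { stat -c %u "$1" 2>/dev/null || stat -f %u "$1"; }
owner_gid() { stat -c %g "$1" 2>/dev/null || stat -f %g "$1"; }

# volume_owned_by DIR UID GID: succeed only if DIR exists and is owned by UID:GID.
volume_owned_by() {
    dir=$1; uid=$2; gid=$3
    [ -d "$dir" ] || return 1
    [ "$(owner_uid "$dir")" = "$uid" ] && [ "$(owner_gid "$dir")" = "$gid" ]
}

# prepare_volume DIR UID GID: create DIR if missing; if ownership is wrong and
# we are root, chown it (what the root entrypoint would do before dropping to
# mysql); if we are not root, refuse, since a --user container cannot fix it.
prepare_volume() {
    dir=$1; uid=$2; gid=$3
    mkdir -p "$dir"
    if volume_owned_by "$dir" "$uid" "$gid"; then
        return 0
    fi
    if [ "$(id -u)" = "0" ]; then
        chown "$uid:$gid" "$dir"
        return 0
    fi
    echo "error: $dir is owned by $(owner_uid "$dir"):$(owner_gid "$dir"), need $uid:$gid" >&2
    echo "hint: run 'sudo chown $uid:$gid $dir' first, or omit --user and let the" >&2
    echo "      root entrypoint chown the volume before it drops to mysql" >&2
    return 1
}

# main DATADIR: check the directory, then start the container as a non-root uid.
main() {
    datadir=$1
    prepare_volume "$datadir" "$MYSQL_UID" "$MYSQL_GID"
    exec docker run --rm --name mariadb \
        --user "$MYSQL_UID:$MYSQL_GID" \
        -v "$datadir:/var/lib/mysql" \
        -e MARIADB_RANDOM_ROOT_PASSWORD=1 \
        mariadb:latest
}

# Only launch when a data directory is given, e.g.:
#   MARIADB_DATADIR=/srv/mariadb ./prepare-volume.sh
if [ -n "${MARIADB_DATADIR:-}" ]; then
    main "$MARIADB_DATADIR"
fi
```

Run it as the same uid you pass to `--user` (or as root once, to fix ownership) and it fails fast with the exact chown needed; after that the container never needs to start as root at all.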

@grooverdan grooverdan closed this Nov 13, 2024
@kazan417 (Author)

Well, thanks for pointing to the FAQ. By the way, filling a new volume works great for me, but I also define my own UIDs before running the container on a created folder. Otherwise it does not work.
Now I understand why.
