3.1.1.5 Image Startup Defaults

Image startup defaults are the parts of an image's metadata that determine what happens automatically when a container is started from it without any further instructions — the default command, working directory, user, and environment a container begins with.

The Default Command

The CMD (and optionally ENTRYPOINT) instruction defines what process runs when a container starts, unless a different command is explicitly specified at run time.

FROM python:3.12-slim
WORKDIR /app
COPY . .
CMD ["python", "app.py"]

docker run myapp:1.0

Running the image with no additional arguments executes python app.py, exactly as defined by its startup default.

Default Working Directory

The WORKDIR instruction sets the directory a container's process starts in, and also affects where subsequent Dockerfile instructions like COPY operate relative to, unless an absolute path is given.

docker run --rm myapp:1.0 pwd

This reports the working directory configured by WORKDIR, demonstrating that the container's process starts there by default.

Default Environment Variables

Environment variables set with ENV become part of the container's default environment, available to the process from the moment it starts, unless explicitly overridden.

docker run --rm myapp:1.0 env

Default User

The USER instruction determines which user the container's process runs as by default, which matters both for file permissions and for security, since running as a non-root user limits what a compromised process could do even within its own container.

USER node

docker run --rm myapp:1.0 whoami

Why Startup Defaults Matter

Startup defaults are what let an image be run with a single, simple command and still behave correctly, because every detail needed to run it sensibly — what to run, where, as whom, and with what environment — is already captured as part of the image rather than needing to be specified again every time a container is started.