---
title: "Validate User Instruction"
diataxis: reference
applies_to:
  product: "kyverno"
audience: ["platform-engineer","devsecops"]
last_updated: 2026-03-25
url: https://docs.nirmata.io/docs/policy-sets/dockerfile_best_practices/validate-user-instruction/
---


### Description

Defining and properly configuring the `USER` instruction in a Dockerfile is essential to the security posture of containerized applications. This policy validates that the `USER` instruction is defined, to promote secure container execution practices. If the `USER` instruction is not present, the policy fails.
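A local pre-check that mirrors the presence rule described above, as an added Python example; it is not the Kyverno policy linked on this page and not Nirmata's code. The function names and the sample Dockerfiles are constructed for illustration, and the parser assumes the default `\` escape character and no heredocs.

```python
# Constructed sample Dockerfiles (illustrative, not from the policy repository).
COMPLIANT = """\
FROM ubuntu:latest
USER  me
CMD ["nginx", "-g", "daemon off;"]
"""
NON_COMPLIANT = """\
FROM ubuntu:latest
# USER me
RUN echo "USER me" \\
    > /tmp/note
CMD ["nginx", "-g", "daemon off;"]
"""

def instructions(dockerfile: str):
    """Yield (INSTRUCTION, arguments) pairs from a Dockerfile.

    Comment lines are skipped and backslash continuations are joined, so text
    that merely looks like an instruction (a commented-out USER, or the word
    USER inside a RUN argument) is not counted.
    """
    logical = ""
    for raw in dockerfile.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank and comment lines are dropped, even mid-continuation
        if line.endswith("\\"):
            logical += line[:-1] + " "
            continue
        logical += line
        parts = logical.split(None, 1)  # instruction keyword, then its arguments
        yield parts[0].upper(), parts[1].strip() if len(parts) > 1 else ""
        logical = ""

def user_instructions(dockerfile: str):
    """Return the argument of every USER instruction, in file order."""
    return [args for keyword, args in instructions(dockerfile) if keyword == "USER"]

def validate_user_instruction(dockerfile: str) -> bool:
    """Pass only if at least one USER instruction is present."""
    return len(user_instructions(dockerfile)) > 0

if __name__ == "__main__":
    for name, text in (("compliant", COMPLIANT), ("non-compliant", NON_COMPLIANT)):
        print(name, "PASS" if validate_user_instruction(text) else "FAIL")
```
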

### Kyverno policy

Refer to the Nirmata curated policies - [validate-user-instruction](https://github.com/nirmata/kyverno-policies/blob/main/dockerfile-best-practices/validate-user-instruction/validate-user-instruction.yaml).

### Resource example

Below is an example of a Dockerfile that complies with this policy.

```dockerfile
FROM ubuntu:latest

USER me

CMD ["nginx", "-g", "daemon off;"]
```

