docker prevent root access