I do not know if this is the correct place to ask this question but since this is closely related to B4J maybe this is the correct place to do it.
I was talking to a guy who knows about security and he mentioned to me some that it would be better if I run the apps in docker containers with reduced privileges. So I checked this and have managed to do it successfully with a B4J webapp. What though doesn't work is that I would like to add in there a file that has to remain unchanged and undeleted. I thought It would be a good practice to change the owner and the group of the file to root and give read access only to all (that is the low privileges user). It does not seem to work because while you cannot edit the txt file with nano you can very well rename it and/or delete it in the docker container. I do not know how this is possible since it has only read access and if I do "ls -la" it shows all the correct settings in the owner and access rights for all three categories (user, group, all).
Can anyone more experienced give an advice on this and what to do?