Hi,
I’m noob with docker so I’m trying to install it on a Ubuntu 20.04 server, without any issue.
But I would like to create a dedicated user to docker, is it a best practice ?
If yes, does this user need to be a member of sudo group ? Or a standard user without any privileged is OK ?
Thank you !
Edit : I already tried to create a non-sudo user, add it to docker group then restart server. After that, I need to do a sudo chmod 666 /var/run/docker.sock to work, is it the good way ? Thanks.
I am not sure how you come up with what you did, but following the three steps mentioned in the post-installation steps for Linux are sufficient.
Regardless of what you think, the docker daemon runs with root privliges. If a user is allowed to access the docker.sock, he can mount the hosts root filesystem into a container where he is the root user. Giving unprivileged users acess to the docker.sock is purely for convinience in exchange for a potential loss of security.
Thank you, I followed the three steps but I had a permission error. So after searching on Google, I found the workaround with chmod 666.
So I should use a privileged user instead of giving access to docker.sock to an unprivileged user ?
That’s pretty much up to you
I just wanted to make sure that you are aware that this is purely for convenience and does not add any security with docker.
If you are the only user on the system and want to use an unprivliged user: go ahead and do so for the sake of convenience. If you have other users: be sure to only grant those users access to docker.sock that you would add to your sudoers list.
Thank you. I’m the only user on the system and it was just to add security (to not use a sudoer user) but if it had nothing it’s useless for me