Hello all, I am really sorry if I am asking something that could be in another post, but I am in a dilemma.
My OS is Ubuntu 16.04.3 LTS with a sudo user (aka the ordinary Ubuntu setup).
I am planning to make a WordPress - Drupal etc. development environment and I am learning how to use Docker and more.
I’ve read many, many articles regarding the setup and execution of commands, though I am confused about something.
Is it better to run docker with sudo, or to add the user I am using to work on the desktop to the docker group and run commands like docker-compose up -d instead of sudo docker-compose up -d?
I’ve read that it is a security issue if I put the user in the docker group. Is that true, or does it apply only to a docker deploy serving content to the web?
Yes, the socket runs with root privileges. The user I installed docker with and am running the system as is the typical user in Ubuntu in the sudo group. And when I want to use docker, for example to check the running containers, I do sudo docker ps.
Let’s see what the security issue is (at least one). The containers usually run as root. This permits you to bypass permission checks on the host.
Let’s assume a $USER is inside the docker group. So he can run
$ docker run -v/etc:/malicious -ti --rm alpine
# cd /malicious
# vi sudoers
.... edit, write ...
# <ctl>-D
As such, the user can modify system config that he could not access otherwise. It’s a real risk. But if you have a one-person “personal” machine/VM where the user has sudo permissions in any case … I’d say it’s no real issue.
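A host-side audit that follows from the answer above, as an added example that is not part of the original thread: it lists accounts that are in the docker group (as supplementary members or through their primary GID) but not in the sudo group, which are the accounts for whom docker membership grants root-equivalent access they would not otherwise have. It assumes the Ubuntu default where sudo rights come from the sudo group (direct /etc/sudoers entries are not parsed); the function names and the sample accounts are constructed for illustration.

```shell
#!/bin/sh
# Added example: find accounts whose only path to root is the docker group.

# members GROUP GROUP_FILE PASSWD_FILE -> one user per line, sorted, unique.
# Covers supplementary members (4th field of the group file) and users whose
# primary GID (4th field of the passwd file) is the group's GID.
members() {
    gid=$(awk -F: -v g="$1" '$1 == g { print $3 }' "$2")
    {
        awk -F: -v g="$1" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$2"
        if [ -n "$gid" ]; then
            awk -F: -v id="$gid" '$4 == id { print $1 }' "$3"
        fi
    } | sort -u
}

# docker_only_users GROUP_FILE PASSWD_FILE -> users in docker but not in sudo.
docker_only_users() {
    d=$(mktemp)
    s=$(mktemp)
    members docker "$1" "$2" > "$d"
    members sudo "$1" "$2" > "$s"
    comm -23 "$d" "$s"      # lines only in the docker list
    rm -f "$d" "$s"
}

# Constructed sample data (not from a real host): alice is in both groups,
# bob is a supplementary docker member, ci has docker as its primary group.
SAMPLE=$(mktemp -d)
cat > "$SAMPLE/group" <<'EOF'
sudo:x:27:alice
docker:x:999:alice,bob
ci:x:1002:
EOF
cat > "$SAMPLE/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
ci:x:1002:999::/home/ci:/bin/sh
EOF

docker_only_users "$SAMPLE/group" "$SAMPLE/passwd"
```

On a real machine, call docker_only_users /etc/group /etc/passwd; an empty result matches the single-user case described in the answer, where the docker group member already has sudo.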