Hello Docker community!
I’ve recently been exploring the rootless mode. It’s a great security improvement that I’d like to bring to my self-managed servers.
docker user is added to the sudo group, and any user who needs access to docker CLI needs to be a part of the docker group. This is per the Post-installation steps for Linux documentation.
Now, upon a move to rootless Docker as detailed in the official docs, each user will have its own docker configuration and its own data root path under their own home directory.
Unfortunately, one of these servers is shared by multiple people and the images/containers/volumes need to be available to all the users. My idea at the moment is that I should go ahead and update the daemon config for each user at ~/.config/docker/daemon.json and point the data directory to a shared path:
orgName would have group read-write-execute permissions so all users on that group can access this shared docker data dir.
One, am I heading in this correct direction? Would rootless Docker pick this up for all users whose daemon points to this data dir?
Two, are there any security implications with this?
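An added example, not part of the original post and not Docker's own tooling: a POSIX shell script that audits a candidate shared data-root directory (group ownership, group rwx, setgid so new files inherit the group, no world access) and counts how many rootless daemon.json files point at it. The directory names, user names and the orgName path are constructed for the demo, and the expected group is passed as a numeric GID (for a real group, `getent group orgName | cut -d: -f3`). It also encodes the caveat a practitioner would want here: dockerd requires a private data-root per daemon instance, and a rootless daemon writes its files under that user's subordinate UID/GID mapping, so more than one daemon.json pointing at the same data-root is reported as a misconfiguration rather than accepted.

```shell
#!/bin/sh
# Added example (not from the original post). Audits a proposed shared Docker
# data-root and the per-user rootless daemon.json files that reference it.
# All paths and names used in run_demo are constructed for this demo.
set -u

# Return 0 if DIR is a sane shared group directory: owned by GID, group rwx,
# setgid set (new files inherit the group), and no permission bits for "other".
audit_shared_dir() {
    dir=$1; gid=$2
    [ -d "$dir" ] || { echo "ERROR: not a directory: $dir"; return 1; }
    mode=$(stat -c '%a' "$dir")      # e.g. 2770 with setgid, 770 without
    owner_gid=$(stat -c '%g' "$dir")
    rc=0
    [ "$owner_gid" = "$gid" ] || { echo "WARN: $dir has gid $owner_gid, expected $gid"; rc=1; }
    perm=$(printf '%s' "$mode" | tail -c 3)   # owner/group/other digits
    grpbits=$(printf '%s' "$perm" | cut -c2)
    other=$(printf '%s' "$perm" | cut -c3)
    [ "$other" = "0" ] || { echo "WARN: $dir is world-accessible (mode $mode)"; rc=1; }
    [ "$grpbits" = "7" ] || { echo "WARN: $dir group is not rwx (mode $mode)"; rc=1; }
    case "$mode" in
        2???|3???|6???|7???) ;;   # setgid bit present
        *) echo "WARN: setgid not set on $dir (mode $mode); new files will not inherit the group"; rc=1 ;;
    esac
    return $rc
}

# Print the "data-root" value from a daemon.json (empty if absent). A minimal
# sed extraction is enough for this flat top-level key.
data_root_of() {
    sed -n 's/.*"data-root"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# Count how many of the given daemon.json files point at DATAROOT. Each rootless
# daemon is a separate dockerd with its own user-namespace id mapping, and a
# data-root must be private to one daemon, so any count above 1 is a problem.
count_daemons_using() {
    dataroot=$1; shift
    n=0
    for f in "$@"; do
        [ "$(data_root_of "$f")" = "$dataroot" ] && n=$((n + 1))
    done
    echo "$n"
}

# Constructed demo: a shared "orgName" directory plus two users' daemon.json files.
run_demo() {
    tmp=$(mktemp -d)
    shared="$tmp/orgName"
    mkdir "$shared" && chmod 2770 "$shared"
    for u in alice bob; do
        mkdir -p "$tmp/$u/.config/docker"
        printf '{ "data-root": "%s" }\n' "$shared" > "$tmp/$u/.config/docker/daemon.json"
    done
    audit_shared_dir "$shared" "$(id -g)" && echo "OK: $shared permissions look right"
    n=$(count_daemons_using "$shared" "$tmp"/*/.config/docker/daemon.json)
    if [ "$n" -gt 1 ]; then
        echo "WARN: $n rootless daemons share $shared; dockerd needs a private data-root per daemon"
    fi
    rm -rf "$tmp"
}

if [ "${AUDIT_DEMO:-0}" = "1" ]; then run_demo; fi
```

Run it with `AUDIT_DEMO=1 sh audit.sh` to see the demo report; in the constructed case the directory permissions pass while the shared data-root is flagged because two daemons reference it.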