If security is what you are thinking about then would it be best to log in as the same user in all of the containers you’re using or as a different user for each one? And what about making it so the person accessing the container has to supply credentials to gain access? Even to the extent of some kind of token or even encryption key being required? What are the parameters of this concept? What does the landscape of this concept look like?
- I think I was concerned about how all this affects using containers. Since I’m just getting started learning about all these things, I wasn’t sure how to state my concern. I guess I’m thinking that every time you introduce the need to log in, it becomes a burden. I think you addressed this near the end of your reply, but I’m not sure how much of it I was able to absorb. What I think I heard you say is that when it’s just containers interacting with one another it doesn’t matter (they do so automatically). And I think you said that even when a person interacts with a container there is no requirement to log in, but I’m not sure if that’s what you meant.
fwiw I have used the -it flag with docker run, but the result was being logged in as root. I did watch a video on docker container security that explained something about creating a non-privileged user combined with disabling root login, where the result was that you had to specify the username in order to get in. Am I remembering that right?
- When I mentioned …
And what about making it so the person accessing the container has to supply credentials to gain access? Even to the extent of some kind of token or even encryption key being required?
I was thinking about a use case where the person using the image (or several images in a connected system) has to be supplied with some token and/or encryption key in order to do anything with them. For example, a developer pulls an image from the organization’s repository (needs to supply login creds to do this in the first place); then, even though they have the image locally, they cannot do anything with it unless they have some token that they were supplied with by the organization as a dev. So every dev gets a project token based on the team they are on and/or their unique identity, and they need that to do anything with any image or images they get from the organization’s repo.
Put it another way…
You’re a dev and you get hired on at a new company. They assign you to work on project abc. As part of the resources you are supplied with, you are given an access token that you will then use in order to use the container(s) you are supplied with by the organization. No token / no access.
Basically I was just exploring the possible limits of container security thinking about things like that.
^ Just trying to give a sense of where I’m at and what’s on my mind and shed some light on that “last paragraph”
What makes it so damn hard to learn things for me is that there isn’t a source (that you don’t have to pay for) that teaches by hands-on doing. It’s: read official docs, read some articles, ask questions, stumble around in the dark banging your head against walls trying to implement what little you got from it, binding up and healing from mortal wounds after all your gross failures. Weeks go by, and if you come up with something that works it’s more of a fluke than anything intentional. Finally you learn some tiny little bit of something (because finally it has come by means of hands-on application), but it’s not enough. Weeks have gone by.
Accomplishing anything feels like fighting through quicksand.
It’s like being in HELL!
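The non-privileged-user setup the poster half-remembers from the video, as an added example that is not the poster's own code and not from any project: a Dockerfile that creates a system user and switches to it with the USER instruction, so `docker run -it` on the built image starts the shell as that user instead of root. The base image (debian:bookworm-slim), the user name `app` and the UID/GID 10001 are assumptions chosen for illustration.

```dockerfile
# Added example, not from the original post. Base image, user name and
# numeric ids are assumptions for illustration.
FROM debian:bookworm-slim

# Create a system group and user with fixed numeric ids. Fixed ids are
# stable across rebuilds and can be matched by host-side policy (e.g.
# file ownership on bind mounts). -r marks a system account and skips
# home-directory creation, so the directory is made explicitly below.
# The nologin shell applies to the account entry itself; the shell that
# `docker run -it` starts is a process argument, not a login, so this is
# defence in depth rather than the mechanism that keeps root out.
RUN groupadd -r -g 10001 app \
 && useradd -r -u 10001 -g app -d /app -s /usr/sbin/nologin app \
 && mkdir -p /app \
 && chown app:app /app

WORKDIR /app

# From this point on every process started from the image, including
# the interactive shell from `docker run -it`, runs as UID 10001.
# Run `id` inside the container to confirm the effective user.
USER app

CMD ["bash"]
```

Build with `docker build -t demo .` and check with `docker run --rm -it demo id`. The image only sets the default identity: anyone permitted to talk to the Docker daemon can still override it with `docker run --user 0 ...` or enter a running container as root with `docker exec -u 0 ...`, so who can become root inside a container is ultimately decided by who is allowed to use the daemon, not by anything baked into the image.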