
How can a non-root user install Docker?

Tags: docker, centos

I am using a CentOS 6.9 system on a high-performance computation platform and I want to use Docker as a non-root user. Is there a way to build Docker from source without needing root privileges?

Shixiang Wang asked Jan 27 '18 07:01


People also ask

Can docker be installed as non-root?

Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime. Rootless mode does not require root privileges even during the installation of the Docker daemon, as long as the prerequisites are met.

Can you install docker without admin rights?

Docker is insecure by design: if a user can run the docker command without admin rights (i.e. belongs to the docker group), this basically means that this user can escape the container and become admin on the host.

Should docker run as root or user?

One of the best practices while running Docker Container is to run processes with a non-root user. This is because if a user manages to break out of the application running as root in the container, he may gain root user access on host.


2 Answers

This shouldn't be possible as it would be a major security concern.

When Docker is installed on a machine, users with Docker access (not necessarily root) can start containers. In particular, they can start containers in privileged mode, giving the container access to all host devices.

More importantly, a user with access to Docker can mount directories owned exclusively by the machine's root user. Since by default, a root user inside the container will have access to mounted root-owned directories inside the container, this will allow any Docker container started by a non-root user to access critical machine stuff.

Therefore, the sequence of having a non-root user install Docker and start containers should not be allowed as it can compromise the whole machine.

Check this explicit comment from one of the docker maintainers.

yamenk answered Oct 07 '22 19:10
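
An added example, not part of yamenk's answer: because the answer above treats Docker access as a route to root-owned host files, a host review should list every non-root account that can reach the daemon. This sketch assumes the access group is named `docker` and parses constructed text in the local `/etc/passwd` and `/etc/group` format; accounts served by LDAP or NIS are not covered.

```python
# Constructed sample data in /etc/passwd and /etc/group format.
SAMPLE_PASSWD = """\
root:x:0:0:root:/root:/bin/bash
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
ci:x:1002:982::/home/ci:/sbin/nologin
"""

SAMPLE_GROUP = """\
root:x:0:
wheel:x:10:alice
docker:x:982:bob
"""


def docker_capable_users(passwd_text, group_text, group_name="docker"):
    """Return {user: reason} for non-root accounts that belong to group_name."""
    gid, members = None, set()
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) >= 4 and fields[0] == group_name:
            gid = fields[2]
            members = {m.strip() for m in fields[3].split(",") if m.strip()}
    if gid is None:
        return {}  # group absent: nobody gains daemon access this way

    found = {name: "supplementary group" for name in members}
    for line in passwd_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) < 7:
            continue  # skip blank or malformed entries
        name, uid, primary_gid = fields[0], fields[2], fields[3]
        if uid == "0":
            found.pop(name, None)  # already root, no privilege gained
        elif primary_gid == gid:
            # Primary-group membership appears only in passwd, not in group.
            found.setdefault(name, "primary group")
    return found


if __name__ == "__main__":
    hits = docker_capable_users(SAMPLE_PASSWD, SAMPLE_GROUP)
    for user, reason in sorted(hits.items()):
        print(f"{user}: can reach the Docker daemon ({reason})")
```

To review a real host, pass the contents of `/etc/passwd` and `/etc/group` instead of the samples.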


Update to yamenk's answer:
There is now an official rootless mode for Docker: Run the Docker daemon as a non-root user
Here's an explanation of how it works from one of Docker engineers: Experimenting with Rootless Docker

Konstantin answered Oct 07 '22 19:10