Joke aside, let’s think about the problem: Docker is using a client-server architecture. No doubt dockerd
, the Docker server, is a privileged process that must be run as root. But what about the docker
command line client? Why does it require elevated privileges? Why can’t an ordinary unprivileged user send commands to the Docker server? Well, actually (s)he can, and that only requires a tiny change of the user account configuration:
However, if we may do it, that does not necessarily mean we should do it. So, in that video, you will learn a little bit more about the Docker architecture. And most important, I will mention the potential security issues that may arise if you allow an untrusted user to interact directly with the Docker engine. That way, you will have all the keys in your hands to choose if you want to do that or not (hint: you probably do not want to do that in production).
This video is related to my Docker series. If you are very new to containers, I may suggest watching the following two videos first:
What is Virtualization, notably showing the difference between virtual machines and containers
How to install Docker on Debian/Ubuntu/CentOS for the basic setup of Docker on your system
If you don’t have the time to watch the video entirely, here are few links to jump directly to the section that interests you the most:
It’s a lot of work to maintain this channel, and the only thing I can take joy in from what I do is seeing more subscribers and the channel growing. That’s why I’m asking you to recommend and share the following links on your favorite social media and websites. Thanks!