DEV Community

Discussion on: 10 reasons to choose Linux

Ezra Sharp

Nope, on Linux you have to run docker as root to run it at all. 😅😅

wolfiton • Edited

I will dive into docker soon.

Thanks for the heads up on the root access needed. I might look for alternatives now that are more secure and don't need root privileges to be used.

I opened a new discussion here if you'd like to join; elaborating more on what you told me here would be great.
Thanks again @EzraSharp

Avalander • Edited

> Nope, on Linux you have to run docker as root to run it at all. 😅😅

This is not entirely true.

wolfiton

So we can use the same idea that some people use with PostgreSQL on Linux.

Thanks for the info

@avalander

Ezra Sharp • Edited

Maybe I should rephrase that, @avalander. Must be run with root privileges. Which is what the docker group enables you to do without the sudo command. As any commands that are run in a docker container run with root permissions in the host when directories or files are shared. See Docker surface level attack.

You can set up the docker process to run as a manually created user who has the docker group and reduced permissions elsewhere, but it becomes less and less convenient to set up and use.

wolfiton

Thanks for explaining more with examples and also for the warning regarding the surface attack.

 
Ezra Sharp

Historically you could use Docker Machine for that purpose. But the Docker team have specifically abandoned their machine product to focus on Windows and MacOS products. :( It runs as root on Windows and Mac too but in a VM separated from the host OS. So ironically it's secure on every OS except the one that enables its technology to work. The Linux kernel.

wolfiton

Very interesting information, can you point me to where you read about that (source)?

Thanks

Ezra Sharp

Docker running as root is general information.

Docker Machine being placed into maintenance state is here. github.com/docker/machine/issues/4537

Avalander

Docker can be run in rootless mode as well. Albeit it is still experimental and has some limitations, I expect it will get better soon enough.

Ezra Sharp

Interesting googles excitedly 😃

Ghost

> It runs as root on Windows and Mac too but in a VM separated from the host OS. So ironically it's secure on every OS except the one that enables its technology to work. The Linux kernel.

And can't you run it in a VM in Linux, just like in Windows or Mac?

Ezra Sharp

You can and that's what Docker Machine did without all the fuss (bugs aside). But manually exposing docker outside of the VM to your host is difficult and complex.
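
The thread's two points, that docker group membership gives root privileges on the host without sudo and that a rootless mode exists, can be checked on a host. The script below is an added example, not code from any commenter or from Docker: it lists every account in the docker group (supplementary or primary) and classifies a daemon from the output of `docker info --format '{{.SecurityOptions}}'`. The function names, the sample accounts and the sample option strings are constructed for illustration.

```shell
#!/bin/sh
# Added example: list accounts that can reach the Docker daemon via the docker group.

# Print docker group members, one per line, from group(5)/passwd(5)-format files.
# Covers supplementary members (field 4 of the group line) and accounts whose
# primary GID is the docker GID.
docker_group_members() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0
    {
        awk -F: '$1 == "docker" { n = split($4, m, ",")
                 for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$group_file"
        if [ -r "$passwd_file" ]; then
            awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
        fi
    } | sort -u
}

# Succeed if a SecurityOptions string, as printed by
# `docker info --format '{{.SecurityOptions}}'`, reports a rootless daemon.
is_rootless() {
    case $1 in
        *name=rootless*) return 0 ;;
        *) return 1 ;;
    esac
}

# Constructed sample data (not from a real host).
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' 'dev:x:1001:carol' > "$dir/group"
    printf '%s\n' 'alice:x:1000:1000::/home/alice:/bin/sh' \
                  'ci:x:1002:998::/home/ci:/bin/sh' > "$dir/passwd"
    echo "Accounts with root-equivalent access through the docker group:"
    docker_group_members "$dir/group" "$dir/passwd" | sed 's/^/  /'
    for opts in '[name=apparmor name=seccomp,profile=builtin]' \
                '[name=seccomp,profile=builtin name=rootless]'; do
        if is_rootless "$opts"; then echo "rootless: $opts"; else echo "rootful:  $opts"; fi
    done
    rm -rf "$dir"
}
demo
```

On a real host, call `docker_group_members` with no arguments to read `/etc/group` and `/etc/passwd`, and pass the live `docker info` output to `is_rootless`.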