DEV Community

Discussion on: 10 reasons to choose Linux

 
nicekiwi profile image
Ezra Sharp • Edited

Maybe I should rephrase that @avalander . Must be run with root privillages. Which is what the docker group enables you do do without the sudo command. As any commands that are run in a docker container run with root permissions in the host when directories or files are shared. See Docker surface level attack.

You can setup the docker process to run as a manually created user who has the docker group and reduced permissions elsewhere, but it becomes less and less convenient to setup and use.

Thread Thread
 
wolfiton profile image
wolfiton

Thanks for explaining more with examples and also for the warning regarding the surface attack.