loading...

One of those wtf moments when using docker

zaffja profile image Zafri Zulkipli ・2 min read

I've been using docker for a year and a half now. Since then I've learned many neat and cool tricks about docker. I'm gonna share with you one particular trick that I find very interesting when using docker. Take a look at below script.

docker run --rm -it -v $(PWD):/app -w /app busybox rm -rf deps

At first glance you can tell that I'm using busybox image to do nothing than just to remove my deps folder. But why should we concern about this? Well, it turns out that docker leverages root access, meaning we're basically running sudo rm -rf deps without asking for our sudo password! That's dangerous!!!

Although it is dangerous, it is quite useful as well. We just have to be careful on the way we use it that's all. Tbh, I've used this trick quite a lot in my development. The example above is actually a part of my Makefile setup as depict below

setup:
        docker run --rm -it -v $(PWD):/app -w /app busybox rm -rf deps
        docker run --rm -it -v $(PWD):/app -w /app elixir:1.6 mix local.hex --force && mix deps.get
        cd assets && $(MAKE) setup
        docker-compose build

As you can see, I'm developing an elixir application, and make setup is something you want to run quite a few times (if not just one time). So this ensure that if somebody were to clone my project, running make setup for them would be a breeze and won't have any issues regarding permission.

Anyways, what do you think of this trick? Is it good? Bad? Share your thoughts with me and if possible how can I improve my setup.

Discussion

pic
Editor guide
Collapse
kwmlodozeniec profile image
Krzysztof

I personally feel using docker for nuke type operations to circumvent potential permission issues is a bad idea. Permissions are a safeguard at the end of the day.

Collapse
zaffja profile image
Zafri Zulkipli Author

When I first found out about this, I had the same thoughts as well. But eventually I encounter more and more problems regarding permissions, thus making me trade security for convenience.

Although I highly don't recommend doing this for production applications as well. But I just use this for my pet projects as well as for learning purposes.

Collapse
dmfay profile image
Dian Fay

It still seems like you're going to a lot of trouble for it compared to setting NOPASSWD: ALL in sudoers. And it's easy to forget what you did in a makefile and publish it.