I've been using docker for a year and a half now. Since then I've learned many neat and cool tricks about docker. I'm gonna share with you one particular trick that I find very interesting when using docker. Take a look at below script.
docker run --rm -it -v $(PWD):/app -w /app busybox rm -rf deps
At first glance you can tell that I'm using
busybox image to do nothing than just to remove my
deps folder. But why should we concern about this? Well, it turns out that docker leverages root access, meaning we're basically running
sudo rm -rf deps without asking for our sudo password! That's dangerous!!!
Although it is dangerous, it is quite useful as well. We just have to be careful on the way we use it that's all. Tbh, I've used this trick quite a lot in my development. The example above is actually a part of my
Makefile setup as depict below
setup: docker run --rm -it -v $(PWD):/app -w /app busybox rm -rf deps docker run --rm -it -v $(PWD):/app -w /app elixir:1.6 mix local.hex --force && mix deps.get cd assets && $(MAKE) setup docker-compose build
As you can see, I'm developing an elixir application, and
make setup is something you want to run quite a few times (if not just one time). So this ensure that if somebody were to clone my project, running
make setup for them would be a breeze and won't have any issues regarding permission.
Anyways, what do you think of this trick? Is it good? Bad? Share your thoughts with me and if possible how can I improve my setup.
Top comments (3)
I personally feel using docker for nuke type operations to circumvent potential permission issues is a bad idea. Permissions are a safeguard at the end of the day.
When I first found out about this, I had the same thoughts as well. But eventually I encounter more and more problems regarding permissions, thus making me trade security for convenience.
Although I highly don't recommend doing this for production applications as well. But I just use this for my pet projects as well as for learning purposes.
It still seems like you're going to a lot of trouble for it compared to setting
NOPASSWD: ALLin sudoers. And it's easy to forget what you did in a makefile and publish it.