Timeline for Is it possible to run docker engine without frequent sudo in a manner as secure as docker desktop?
Current License: CC BY-SA 4.0
11 events
| when | what | | by | license | comment |
|---|---|---|---|---|---|
| S Mar 4, 2024 at 13:07 | history | edited | AdminBee | CC BY-SA 4.0 | Minor formatting improvement |
| S Mar 4, 2024 at 13:07 | history | suggested | Johan | CC BY-SA 4.0 | comments suggested a fourth possibility |
| Mar 4, 2024 at 12:58 | vote | accept | Johan | | |
| Mar 4, 2024 at 12:58 | review | Suggested edits | | | |
| S Mar 4, 2024 at 13:07 | | | | | |
| Mar 4, 2024 at 12:54 | comment | added | Johan | | Right, so at least no desktop-linux AFAICT. And your risk calculus, I take it, is that if a hacker were able to operate docker without sudo worse things would probably happen. That makes sense. |
| Mar 4, 2024 at 12:46 | history | edited | Philip Couling | CC BY-SA 4.0 | deleted 1 character in body |
| S Mar 4, 2024 at 12:45 | history | suggested | Johan | CC BY-SA 4.0 | removed some repetition |
| Mar 4, 2024 at 12:44 | comment | added | Philip Couling | | If I'm totally honest, I just keep myself in the docker group and live with the risk (see xkcd). A halfway point might be to make a dedicated user that you access with sudo -iu docker-admin-user. That way there's limited risk of rogue software gaining access to that user with no password of its own, but you are not forced to keep typing sudo over and over or re-entering your password. Podman will have similar risks. |
| Mar 4, 2024 at 12:35 | review | Suggested edits | | | |
| S Mar 4, 2024 at 12:45 | | | | | |
| Mar 4, 2024 at 12:34 | comment | added | Johan | | Nice. Thanks, Philip. Also for pointing out rootless mode. May I ask also what you do yourself then - do you sudo a whole lot? Use podman instead? Run "engine" in a VM with bind mounts? etc. :-) |
| Mar 3, 2024 at 18:40 | history | answered | Philip Couling | CC BY-SA 4.0 | |