Difficulty: Beginner
Estimated Time: 10 minutes

With Docker, all containers are managed via the Docker Daemon. The Daemon controls all aspects of the container lifecycle.

Previous versions of Docker required that the Daemon be started by a user with root privileges. This meant giving users full access to a machine in order to control and configure Docker, which exposed potential security risks.

Rootless Docker is a project from Docker that removes the requirement for the Docker Daemon to be started by root. This creates a more secure environment.

In this scenario, you will learn how to deploy Rootless Docker as a low privileged user, and how that user can manage and control the containers running on the system.

You have successfully deployed the Rootless version of Docker and started containers without requiring Root access!

Run the script on your own Linux system to try it.

curl -sSL https://get.docker.com/rootless | sh

Continue learning more about Docker and containers at https://katacoda.com/courses/docker

Rootless Docker


Step 1 - Create Ubuntu User

The environment is currently running Ubuntu 16.04 with the user logged in as root. The first step is to create a new user without these root privileges, meaning they will be running with increased security and not be able to make critical changes to the system.

The useradd command will create a user with the default permissions. Run the command in the terminal to add a new user called lowprivuser. This user can be called anything.

useradd -m -d /home/lowprivuser -p $(openssl passwd -1 password) lowprivuser

Using sudo su, it's possible to switch to running as this new, low privileged user.

sudo su lowprivuser

When running as this user, a couple of things change. For example, the user is not able to create or change files in certain locations such as the root directory, as running touch /root/blocked shows.

The user is also not able to access Docker, as previously this required them to have root permissions.

docker ps

In the next step, we'll deploy the new Rootless version and allow users to launch their own containers.
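
The following script is an added example, not part of the original scenario: it confirms that an account such as lowprivuser has no root-equivalent route to the Docker Daemon (uid 0, docker group, sudo group). It goes one step beyond the text by also checking the subordinate ID ranges in /etc/subuid and /etc/subgid, which Docker documents as a rootless prerequisite (at least 65,536 IDs). The function names are hypothetical.

```shell
#!/bin/sh
# Added example: audit an account before giving it Rootless Docker.
# Function names are hypothetical and not part of Docker or the scenario.

# in_group GROUP "LIST" -> 0 if GROUP appears in the space-separated LIST
# (LIST is what `id -nG user` prints).
in_group() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# subid_count USER FILE -> total subordinate IDs granted to USER in an
# /etc/subuid-style file (one "name:start:count" entry per line).
subid_count() {
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# audit_user USER -> prints findings; returns 0 only if the account has no
# root-equivalent route to the daemon and has enough subordinate IDs.
audit_user() {
    user=$1 rc=0
    groups=$(id -nG "$user") || return 2
    if [ "$(id -u "$user")" -eq 0 ]; then
        echo "FAIL: $user is uid 0"; rc=1
    fi
    # Members of the docker group can drive the root-owned daemon, which is
    # equivalent to having root on the host.
    if in_group docker "$groups"; then
        echo "FAIL: $user is in the docker group"; rc=1
    fi
    if in_group sudo "$groups"; then
        echo "FAIL: $user is in the sudo group"; rc=1
    fi
    for f in /etc/subuid /etc/subgid; do
        n=$(subid_count "$user" "$f" 2>/dev/null)
        if [ "${n:-0}" -lt 65536 ]; then
            echo "FAIL: $f grants $user ${n:-0} IDs, need 65536"; rc=1
        fi
    done
    [ "$rc" -eq 0 ] && echo "OK: $user is unprivileged and ready for rootless mode"
    return "$rc"
}

# Run the audit only when a user name is given, e.g.: sh audit.sh lowprivuser
if [ $# -gt 0 ]; then audit_user "$1"; fi
```

Run it as root so that id and the subordinate ID files can be read for any account.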
