With Docker, all containers are managed by the Docker daemon, which controls every aspect of the container lifecycle.
Previous versions of Docker required the daemon to be started by a user with root privileges. Anyone who needed to control or configure Docker therefore had to be given full access to the machine, which exposed the system to potential security risks.
Rootless Docker is a project from Docker that removes the requirement for the Docker daemon to be started as root, creating a more secure environment.
In this scenario, you will learn how to deploy Rootless Docker as a low-privileged user, and how that user can manage and control the containers running on the system.
More information at https://engineering.docker.com/2019/02/experimenting-with-rootless-docker/
You have successfully deployed the Rootless version of Docker and started containers without requiring Root access!
Run the install script on your own Linux system to try it. Note that the command below fetches the script and executes it in one step; on a machine you care about, download it to a file and read it before running it.
curl -sSL https://get.docker.com/rootless | sh
Continue learning more about Docker and containers at https://katacoda.com/courses/docker
Step 1 - Create Ubuntu User
The environment is currently running Ubuntu 16.04 with the user logged in as root. The first step is to create a new user without root privileges; that user runs with reduced privileges and cannot make critical changes to the system.
The `useradd` command creates a user with the default permissions. Run the following command in the terminal to add a new user called `lowprivuser` (the name is arbitrary):
useradd -m -d /home/lowprivuser -p $(openssl passwd -1 password) lowprivuser
The `-p` option expects an already-hashed password; here `openssl passwd -1` produces an MD5-crypt hash of the literal password `password`. That is fine for a throwaway lab, but on a real system set the password interactively with `passwd` instead, so that neither the password nor its hash appears on the command line or in the shell history.
Using `sudo su`, it's possible to switch to running as this new, low-privileged user.
sudo su lowprivuser
When running as this user, a couple of things change. For example, the user cannot create or change files in certain locations, such as the root directory.
The user also cannot access Docker, because until now talking to the daemon required root permissions.
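As an added example that is not part of the original scenario, the following POSIX shell script makes those two observations concrete: run it once as root and once after `sudo su lowprivuser` and compare the output. The directory and socket to probe are arguments (defaulting to `/` and `/var/run/docker.sock`, the daemon's default socket path, which is an assumption of this example rather than something the page states); the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the original scenario: shows what actually changes
# after switching to the low-privileged user. Run as root, then as lowprivuser.

# Returns 0 when the current process runs as uid 0 (root), 1 otherwise.
is_root() {
    [ "$(id -u)" -eq 0 ]
}

# Returns 0 if a new file can be created in directory $1, 1 otherwise.
# A real write attempt is used rather than `[ -w ]`, which only inspects
# mode bits and ignores read-only mounts and other effective restrictions.
can_write_dir() {
    probe="$1/.write-probe.$$"
    if touch "$probe" 2>/dev/null; then
        rm -f "$probe"
        return 0
    fi
    return 1
}

# Returns 0 if $1 exists, is a Unix socket and is writable by this user,
# which is what sending commands to a Docker daemon over that socket needs.
can_use_socket() {
    [ -S "$1" ] && [ -w "$1" ]
}

# Prints one line per check for the directory and socket given as $1 and $2.
# Defaults are / and /var/run/docker.sock (the socket path is the daemon's
# default; it is an assumption of this example, not taken from the page).
privilege_report() {
    dir=${1:-/}
    sock=${2:-/var/run/docker.sock}
    if is_root; then
        echo "running as uid 0 (root)"
    else
        echo "running as uid $(id -u) ($(id -un))"
    fi
    if can_write_dir "$dir"; then
        echo "can create files in $dir"
    else
        echo "cannot create files in $dir"
    fi
    if can_use_socket "$sock"; then
        echo "can talk to the Docker socket at $sock"
    else
        echo "cannot talk to the Docker socket at $sock"
    fi
}

privilege_report "$@"
```

Run it as root and you should see that the root directory is writable and the socket is usable (if a daemon is running); as `lowprivuser` both checks flip, which is exactly the reduced privilege the next step works around.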
In the next step, we'll deploy the new Rootless version and allow users to launch their own containers.