merll/docker-map

Option to run docker commands using sudo

ambsw-technology opened this issue · 2 comments

The discussion started on docker-fabric. TL;DR

  • This article argues that sudo docker (with a very restrictive sudoers line and an alias to docker) is a better security practice than adding users to the docker group.
  • This approach also makes it easy to manage docker execution privileges from LDAP since sudoers supports LDAP groups.
  • @merll indicated that the key constraint is the way docker-map interacts with docker -- using the docker-py API client through socat. docker-map would need to issue shell commands instead.

Since these commands would need to be issued by docker-map, I'm moving the ticket here.

Imagine we had a "docker CLI" wrapper that supported the exact same interface as docker-py's client. I believe:

  • That package could be injected into DockerClientWrapper without making any other changes to this project.
  • It would work as a drop-in replacement (for docker-py) in any project currently using the docker API.

Obviously, this isn't a complete solution to the fabric issue, but it would isolate the API vs. CLI issue to a reusable project with a well-defined interface that would have no interdependencies with docker-map.

Closing. The new CLI option is working great (thanks!).
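The wrapper idea discussed in this issue, as an added example that is not docker-map's or docker-py's own code: a hypothetical `SudoDockerCLI` class exposes four docker-py `APIClient` method names and runs them as `sudo -n docker ...` with an argv list and no shell. It assumes a sudoers rule that permits exactly the `docker` binary; the class name, the `prefix` and `runner` parameters, and the name check are assumptions made for the illustration.

```python
import json
import re
import subprocess

# Docker's container-name grammar; it also rejects anything starting with "-",
# so a caller-supplied name can never be parsed as a docker option.
_NAME = re.compile(r"[a-zA-Z0-9][a-zA-Z0-9_.-]*")


class SudoDockerCLI:
    """Hypothetical wrapper: docker-py APIClient method names backed by `sudo docker`."""

    def __init__(self, prefix=("sudo", "-n", "docker"), runner=subprocess.run):
        self.prefix = list(prefix)  # assumed: sudoers allows exactly this command
        self.runner = runner        # injectable, so tests need neither sudo nor Docker

    def _run(self, *args):
        # argv list, no shell: arguments are never re-parsed by /bin/sh.
        # `sudo -n` fails instead of prompting if the sudoers rule is missing.
        proc = self.runner(self.prefix + list(args),
                           capture_output=True, text=True, check=True)
        return proc.stdout

    @staticmethod
    def _name(container):
        if not _NAME.fullmatch(container):
            raise ValueError("invalid container name or id: %r" % (container,))
        return container

    def containers(self, all=False):
        # `docker ps --format '{{json .}}'` prints one JSON object per line
        args = ["ps", "--no-trunc", "--format", "{{json .}}"]
        if all:
            args.append("-a")
        out = self._run(*args)
        return [json.loads(line) for line in out.splitlines() if line.strip()]

    def start(self, container):
        self._run("start", self._name(container))

    def stop(self, container, timeout=10):
        self._run("stop", "-t", str(int(timeout)), self._name(container))

    def remove_container(self, container, force=False):
        args = ["rm"] + (["-f"] if force else [])
        self._run(*args, self._name(container))
```

Passing a recording function as `runner` shows the exact argv that would reach `sudo` without executing anything.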