Docker is currently a popular container technology that allows developers to easily build, run and maintain applications. However, when using Docker, you need to pay attention to the permissions a container runs with. By default, Docker runs containers as the root user, which may present security risks. Therefore, we need to learn how to add users to Docker, that is, specify a non-root user as the default user.
Why do you need to add users to Docker?
Docker’s security is very important. Especially when we use Docker to host production applications, we must be very careful because application containers may carry sensitive information that can lead to data leakage or corruption. So, in this case, we cannot run the Docker container using the root user. Otherwise, malicious code in any container can access system resources on the host machine, which is very dangerous.
To solve this problem, we should use non-root users to run Docker containers. This increases the security of the system when using Docker.
How to add users to Docker?
The Docker runtime is set to the root user by default. To specify a non-root user as the default user, follow these steps:
Step 1: Create a non-root user
We need to create a new non-root user and disable the local root user. We can create a new user using the following command:
$ sudo adduser <username>
This command specifies the username of the new user as
Step 2: Add the new user to the docker group
Now we have created a new non-root user, but we also need to add it to the docker group so that the user can access the Docker socket. We can add a user to the docker group using the following command:
$ sudo usermod -aG docker <username>
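This command adds the new user to the docker group. It is important to note that we must run this command as the root user. Keep in mind that access to the Docker socket is effectively root-level access to the host, so add only trusted accounts to this group.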
Step 3: Restart the Docker daemon
Next, we need to restart the Docker daemon to enable the new user to access the Docker socket. We can use the following command to restart the Docker daemon:
$ sudo systemctl restart docker
This command will restart the Docker daemon and make the Docker socket accessible to the new user.
Step 4: Configure the Docker service to use the new user
Now, we have added a new user to Docker, but we also need to configure the Docker service to use that user. We can use the following command to edit the Docker system service:
$ sudo vim /etc/systemd/system/multi-user.target.wants/docker.service
This command will open the Docker system service file for editing. In the file, we need to modify the following content:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
to:
ExecStart=/usr/bin/dockerd --group docker -H fd:// --containerd=/run/containerd/containerd.sock
This modification configures the Docker service to use the docker group. After saving and closing the file, we need to reload the Docker system service:
$ sudo systemctl daemon-reload
$ sudo systemctl restart docker
Now, we have successfully designated the non-root user as the default user and can run the Docker container.
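To check the result of steps 2 and 4, the following added example (not part of the original article) reads the socket group from a unit file and lists every account that gains Docker socket access through it. The function names and the sample group file are constructed for illustration, and only supplementary members listed in the group file are reported.

```shell
#!/bin/sh
# Added example: audit who can reach the Docker socket after steps 2 and 4.

# Print the socket group set in a unit file's ExecStart line.
# Falls back to "docker", dockerd's default, when no --group/-G is given.
socket_group() {   # $1 = unit file
    awk '
        /^ExecStart=/ {
            for (i = 1; i <= NF; i++) {
                if ($i == "--group" || $i == "-G") g = $(i + 1)
                else if ($i ~ /^--group=/) g = substr($i, 9)
            }
        }
        END { print (g == "" ? "docker" : g) }
    ' "$1"
}

# Print the supplementary members of group $1 from an /etc/group-format
# file $2 (name:password:gid:member1,member2), one per line.
group_members() {
    awk -F: -v grp="$1" '$1 == grp && $4 != "" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) print m[i]
    }' "$2"
}

# List every account that gets socket access through that group.
audit_socket_access() {   # $1 = unit file, $2 = group file
    grp=$(socket_group "$1")
    group_members "$grp" "$2" | sort | while read -r user; do
        echo "$user can access the Docker socket via group $grp"
    done
}

# Constructed sample input: the ExecStart line from step 4 and a made-up group file.
make_samples() {   # $1 = directory to write into
    printf '%s\n' '[Service]' \
        'ExecStart=/usr/bin/dockerd --group docker -H fd:// --containerd=/run/containerd/containerd.sock' \
        > "$1/docker.service"
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'docker:x:998:alice,deploy' \
        > "$1/group"
}

tmp=$(mktemp -d)
make_samples "$tmp"
audit_socket_access "$tmp/docker.service" "$tmp/group"
rm -rf "$tmp"
```

On a real host, pass the unit file edited in step 4 and /etc/group to audit_socket_access instead of the sample files.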
Summary
By default, Docker uses the root user to run containers, which may cause security issues. Therefore, we should learn how to add users for Docker and disable the root user. In this procedure, we created a new non-root user, added it to the docker group, and finally configured the Docker service to use this user. In this way, we increased Docker's security and protected our applications and system resources.