[CentOS-devel] CentOS Atomic SIG Image Ready for Testing

Tue Nov 11 18:23:46 UTC 2014
Daniel J Walsh <dwalsh at redhat.com>

On 11/11/2014 11:00 AM, Joe Brockmeier wrote:
> On 11/08/2014 12:40 PM, Aditya Patawari wrote:
>> Is this a known issue or should I file a bug somewhere?
> Are you using root or another use to run containers?
>
> Dan said "You should not be allowing non root users to create docker
> containers."
>
> So what's the best practice we want to be pushing here, and is that
> possible under the current setup?
>
> Best,
>
> jzb
>
>
> _______________________________________________
> CentOS-devel mailing list
> CentOS-devel at centos.org
> http://lists.centos.org/mailman/listinfo/centos-devel
Personally if it is a single user machine and you have sudo setup to be
used without a password, then
set this up also. 

If this is a multi-user system, and you don't want all of your uses to
be able to run as root, then
don't do it.  I would recommend just using sudo docker or better yet
build a script that executes a specific
docker command that you user could run.

dockerstart.sh
docker start foobar

dockerexec.sh
docker exec -ti foobar /bin/sh

docker stop.sh
docker stop foobar

Then setup lines in sudoers to allow specific users to execute these
scripts, only.
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.centos.org/pipermail/centos-devel/attachments/20141111/b6415fbb/attachment-0008.html>