[CentOS-devel] docker group not exists in rpm
Jim Perrin
jperrin at centos.org
Mon Dec 7 16:17:30 UTC 2015
On 12/07/2015 09:04 AM, Farkas Levente wrote:
> Hi,
> according to the wiki page:
> https://wiki.centos.org/Cloud/Docker
> there should be a docker group in the docker rpm.

This was the case. The group has since been removed by default as
upstream (RH) considers it a GIANT security hole (spoiler: they're right).

> ---------------------------
> sudo usermod -a -G docker <your-user>
> ---------------------------
> Is this still valid?

Yes, but you first have to add the docker group yourself.

> Or how can an average user run docker without sudo?

A simple "groupadd docker" will work, then restart the docker service
and add your user to that group.

Note, it's *trivial* to escalate this to gain root on the host system,
so using the docker group is essentially passwordless sudo.
--
Jim Perrin
The CentOS Project | http://www.centos.org
twitter: @BitIntegrity | GPG Key: FA09AD77
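
Added example, not part of the original message or of the CentOS or Docker projects: since the reply treats docker group membership as equivalent to passwordless sudo, this script audits which accounts hold that membership and which of them are not already administrators. The function names, the use of `wheel` as the sudo-granting group, and the sample group and passwd entries are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: audit docker group membership in group/passwd-format files.
LC_ALL=C; export LC_ALL

# members_of GROUP GROUP_FILE PASSWD_FILE
# Prints users who list GROUP as a supplementary group or as their primary GID.
members_of() {
    grp=$1; gfile=$2; pfile=$3
    gid=$(awk -F: -v g="$grp" '$1 == g { print $3; exit }' "$gfile")
    [ -n "$gid" ] || return 0              # group does not exist: no members
    {
        # Supplementary members: comma-separated fourth field of the group entry.
        awk -F: -v g="$grp" '$1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$gfile"
        # Accounts whose primary group is GROUP (easy to miss in /etc/group alone).
        awk -F: -v id="$gid" '$4 == id { print $1 }' "$pfile"
    } | sort -u
}

# docker_only GROUP_FILE PASSWD_FILE
# docker members that are not in wheel (assumed here to be the sudo group).
docker_only() {
    wheel=$(members_of wheel "$1" "$2")
    members_of docker "$1" "$2" | while read -r u; do
        printf '%s\n' "$wheel" | grep -qxF -- "$u" || printf '%s\n' "$u"
    done
}

# Constructed sample data, so the script runs without touching the host.
demo=$(mktemp -d)
cat > "$demo/group" <<'EOF'
root:x:0:
wheel:x:10:alice
docker:x:990:alice,bob
EOF
cat > "$demo/passwd" <<'EOF'
alice:x:1000:1000::/home/alice:/bin/bash
bob:x:1001:1001::/home/bob:/bin/bash
buildbot:x:1002:990::/var/lib/buildbot:/sbin/nologin
EOF
echo "docker group members:"
members_of docker "$demo/group" "$demo/passwd"
echo "docker group members not in wheel:"
docker_only "$demo/group" "$demo/passwd"
rm -rf "$demo"
```

On a real host the same functions can be pointed at `/etc/group` and `/etc/passwd`; accounts served from a directory service do not appear in those files and need a separate lookup.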