In my previous post, I explained how to install Docker on CentOS and covered a few important commands for verification and other basic operations. I also mentioned that the next topic would be the required initial configuration tasks.
In this post, I will explain the initial configuration that you have to perform after installing Docker.
How to Secure Docker Access
The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The docker daemon always runs as the root user.
We cannot share root credentials with anyone, so we have to give developers permission to run Docker. There are two options:
- Provide sudo access to users
- Add user to Docker group
Configure Sudo Access
The sudo command offers a mechanism for providing trusted users with administrative access to a system without sharing the password of the root user. When users given access via this mechanism precede an administrative command with sudo they are prompted to enter their own password. Once authenticated, and assuming the command is permitted, the administrative command is executed as if run by the root user.
Log in to the system as the root user.
Create a normal user account using the useradd command
# useradd username
Set a password for the new user using the passwd command
# passwd username
Let's try to run a docker command as the new user we created.
Now let's check the sudo permission.
This confirms that the user has no sudo permission, so we have to add the user to the sudoers file. You can add the user to an existing group already listed in sudoers, or create a new group and configure that in sudoers.
- Edit the /etc/sudoers file using any suitable editor; here I use the vi editor.
Note: The sudoers file defines the policies applied by the sudo command.
- Find the lines in the file that grant sudo access to users in the group wheel when enabled.
Wheel is a default group available in sudoers. Alternatively, you can create a new group and add it to the sudoers file, which can then be used for setting sudo permission.
# cat /etc/sudoers – Use this command to check the contents of the sudoers file
## Allows people in group wheel to run all commands
# %wheel ALL=(ALL) ALL
- Remove the comment character (#) at the start of the second line. This enables the configuration option.
- Save your changes and exit the editor.
Note: admin is a group I have created to configure sudo access.
If you don’t want to use sudo when you run the docker command, add the users to the docker group, which is created when you install and enable Docker. When the docker daemon starts, it makes the Unix socket readable and writable by the docker group.
Add user to Docker Group
# usermod -aG docker username
I have added the vmarena user to the docker group. Now log out and log back in for the group membership to become active.
Verify that you can run docker commands without sudo.
$ docker run hello-world
This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.
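To review the result of the two options above, the following added example (not part of the original post) lists which accounts can control the Docker daemon: docker group members, who reach the root-owned daemon through the socket without a password prompt, and members of groups with an active rule in sudoers. The function names, the builduser account and the sample files are constructed for illustration; it reads only the main group and sudoers files, not /etc/sudoers.d.

```shell
# Added example: audit who can control the Docker daemon.
# Inputs are files in /etc/group and /etc/sudoers format (defaults: the real paths).

# Print the members of GROUP from a group(5)-format file, one per line.
group_members() {  # usage: group_members GROUP [GROUP_FILE]
    awk -F: -v g="$1" '$1 == g && $4 != "" {
        n = split($4, m, ","); for (i = 1; i <= n; i++) print m[i]
    }' "${2:-/etc/group}"
}

# Print group names that have an active (uncommented) "%group ..." rule.
# Any group rule is reported, even one limited to specific commands.
sudo_groups() {  # usage: sudo_groups [SUDOERS_FILE]
    awk '/^[ \t]*%/ { sub(/^[ \t]*%/, "", $1); print $1 }' "${1:-/etc/sudoers}"
}

# Report each path to the daemon as "docker-group:USER" or "sudo:GROUP:USER".
docker_access_report() {  # usage: docker_access_report [GROUP_FILE] [SUDOERS_FILE]
    local gf="${1:-/etc/group}" sf="${2:-/etc/sudoers}" g u
    for u in $(group_members docker "$gf"); do echo "docker-group:$u"; done
    for g in $(sudo_groups "$sf"); do
        for u in $(group_members "$g" "$gf"); do echo "sudo:$g:$u"; done
    done
}

# Run the report on constructed sample files (vmarena and the admin group
# come from the post; builduser and the group IDs are made up).
demo() {
    local d
    d=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'wheel:x:10:' 'admin:x:1001:vmarena' \
        'docker:x:991:vmarena,builduser' > "$d/group"
    printf '%s\n' '## Allows people in group wheel to run all commands' \
        '# %wheel ALL=(ALL) ALL' '%admin ALL=(ALL) ALL' > "$d/sudoers"
    docker_access_report "$d/group" "$d/sudoers"
    rm -rf "$d"
}

demo
```

Calling docker_access_report with no arguments reads /etc/group and /etc/sudoers on the host; reading sudoers requires root.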
Configure Docker to start on boot
You can use systemctl to manage which services start when the system boots.
# systemctl enable docker
To disable this, use disable instead of enable.
# sudo systemctl disable docker
Note: A user who is only a member of the docker group does not have permission to perform this; sudo permission or the root account is required.
Options to Check Docker Status
You have multiple options to check the docker service status, listed below.
The docker info command displays system-wide information such as status, available containers, images, OS, resources, etc.
You can also use operating system utilities:
systemctl is-active docker or service docker status
Finally, you can check in the process list for the dockerd process, using commands like
The first two lessons only cover getting Docker started. Upcoming posts will help you understand how containers work in Docker, and you can follow along with the exercises. Stay tuned.
Thank you for reading this post. Share the knowledge if you feel it is worth sharing.