Learning Docker – Part 2

In my previous post, I have explained how to install the Docker on Cent OS and few important commands can be used for verification and other basic operations. In addition, I have mentioned next topic will be Initial configuration task, which is required.

In this topic, I will be explaining about the initial configuration, which you have to perform after installation of Docker.

How to Secure the Docker Access

The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The docker daemon always runs as the root user.

We cannot share root credentials with anyone, so we have to give permission to developers to run Docker. There are two options once

• Provide sudo access to users
• Add user to Docker group

Configure Sudo Access

Sudo

The sudo command offers a mechanism for providing trusted users with administrative access to a system without sharing the password of the root user. When users given access via this mechanism precede an administrative command with sudo they are prompted to enter their own password. Once authenticated, and assuming the command is permitted, the administrative command is executed as if run by the root user.

Log in to the system as the root user.

Create a normal user account using the useradd command

# useradd username

Set a password for the new user using the passwd command

# passwd username

Let try to run docker command with new user we created

Now lets check sudo permission

And we confirmed there is no sudo permission for this user , so we have to add  the user to sudoers file, you can add this user to the exiting group available on the suodoers or create a new group and configure that in sudoers.

1. Edit the /etc/sudoers file using any suitable editor , here I use vi editor .

Note:- File sudoers  defines the policies applied by the sudo command.

2. Find the lines in the file that grant sudo access to users in the group wheel when enabled.

Wheel is a default group available for sudoers, or you can create a new group and add to sudoers file which can be used for setting sudo permission.

# cat /etc/sudoers     – Use command to check the contests of the  sudoers file

⁠ ## Allows people in group wheel to run all commands# %wheel        ALL=(ALL)       ALL

3. Remove the comment character (#) at the start of the second line. This enables the configuration option.
4. Save your changes and exit the editor.

Note:- admin is a group i have created for  configure sudo access

If you don’t want to use sudo when you use the docker command, add the users to docker group which will be created while you install and enable docker . When the docker daemon starts, it makes the ownership of the Unix socket read/writable by the docker group.

Add user to Docker Group 

usermod -aG docker username

I have added vmarena user to docker group now Log out and log back  for  the group membership become active .

Verify that you can run docker commands without sudo.

$ docker run hello-world

This command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits.

Configure Docker to start on boot

You can use systemctl to manage which services start when the system boots .

# systemctl enable docker

To disable this use disable instead of enable

# sudo systemctl disable docker

Note:- User configured with docker group will not have the permission to perfomr this , sudo permission required or need use root account .

 

First two Lessons are only to start docker and upcoming posts will help you understand how containers works in docker 
and  you can follow the exercise , Stay Tuned