Ubuntu – Allow non-root user to use some Docker commands

18.04, docker, permissions

I have a restricted user, and the user can only access its own files. It is a non-root user, and so, therefore, cannot use Docker (doing docker run foo => docker: Got permission denied while trying to connect to the Docker daemon socket...).

I want to allow this user to create their own Docker images from only their file space, and only be able to delete/rmi their own images that they have made. Furthermore, they will only be able to run their own images and stop their own image containers.

From the questions I have read, the only way for this to happen is to add a root user to a group the non-root user is in, making a huge vulnerability risk.

Best Answer

Per the Official Docker Documentation,

"Running containers (and applications) with Docker implies running the Docker daemon. This daemon requires root privileges unless you opt-in to Rootless mode (experimental)..."

Instructions for this mode can be found on GitHub:

https://github.com/docker/engine/blob/v19.03.0-rc3/docs/rootless.md

"I want to allow this user to create their own Docker images from only their file space, and only be able to delete/rmi their own images that they have made."

If you are only seeking to build containers, one could try using img,

"Standalone, daemon-less, unprivileged Dockerfile and OCI compatible container image builder."

This tool can be used for building containers, and runs without permissions by default.

"Furthermore, they will only be able to run their own images and stop their own image containers."

Unfortunately, as stated previously, img cannot run containers, only build them.

See also: https://rootlesscontaine.rs
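As an added example (not part of the original answer and not Docker's own tooling), the script below audits an account before it is moved to rootless mode: it flags membership in the docker group, which grants root-equivalent access to the daemon, and checks the rootless prerequisite of at least 65536 subordinate UIDs and GIDs. The function names, account names and sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: audit an account for rootless-Docker readiness.
# Formats: subuid/subgid -> name:start:count ; group -> name:pw:gid:members

# Sum the subordinate ID counts allotted to user $1 in file $2.
subid_count() {
    awk -F: -v u="$1" '$1 == u { n += $3 } END { print n + 0 }' "$2"
}

# Succeed if user $1 is a listed member of group "docker" in group file $2.
# Only supplementary membership (field 4) is checked, not a primary GID.
in_docker_group() {
    awk -F: -v u="$1" '
        $1 == "docker" {
            k = split($4, m, ",")
            for (i = 1; i <= k; i++) if (m[i] == u) found = 1
        }
        END { exit !found }' "$2"
}

# Print a verdict for user $1 given subuid ($2), subgid ($3), group ($4) files.
audit_user() {
    if in_docker_group "$1" "$4"; then
        echo root-equivalent-docker-group   # can reach the root daemon socket
    elif [ "$(subid_count "$1" "$2")" -lt 65536 ]; then
        echo missing-subuid                 # rootless mode needs >= 65536 UIDs
    elif [ "$(subid_count "$1" "$3")" -lt 65536 ]; then
        echo missing-subgid                 # rootless mode needs >= 65536 GIDs
    else
        echo ok
    fi
}

# Constructed sample files (hypothetical accounts, not from a real host).
SAMPLE=$(mktemp -d)
printf 'alice:100000:65536\nbob:165536:1000\ncarol:200000:65536\n' > "$SAMPLE/subuid"
printf 'alice:100000:65536\nbob:165536:65536\ncarol:200000:65536\n' > "$SAMPLE/subgid"
printf 'docker:x:998:carol,dave\nusers:x:100:alice,bob\n' > "$SAMPLE/group"

for u in alice bob carol; do
    printf '%s: %s\n' "$u" \
        "$(audit_user "$u" "$SAMPLE/subuid" "$SAMPLE/subgid" "$SAMPLE/group")"
done
```

On a real host, pass /etc/subuid, /etc/subgid and /etc/group as the three file arguments.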
