Docker is currently a popular container technology, which allows developers to easily build, run and maintain applications. However, when using Docker, you need to pay attention to the permission issues when the container is running. By default, Docker executes containers by using the root user, which may present security risks. Therefore, we need to learn how to add users to Docker, that is, specify the non-root user as the default user.
Why do you need to add users to Docker?
Docker’s security is very important. Especially when we use Docker to host production applications, we must be very careful because application containers may carry sensitive information that can lead to data leakage or corruption. So, in this case, we cannot run the Docker container using the root user. Otherwise, malicious code in any container can access system resources on the host machine, which is very dangerous.
So, in order to solve this problem, we should use non-root users to run Docker containers. This will increase the security of the system and improve our security when using Docker.
How to add users to Docker?
The Docker runtime is set to the root user by default. If we need to specify a non-root user as the default user, we need to follow the following steps:
Step 1: Create a non-root user
We need to create a new non-root user and disable the local root user. We can create a new user using the following command:
$ sudo adduser <username></username>
This command specifies the username of the new user as
Step 2: Add the new user to the docker group
Now, we have created a new non-root user, but we also need to add it to the Docker group to allow the User accesses Docker socket. We can add a user to the docker group using the following command:
$ sudo usermod -aG docker <username></username>
This command adds a new user to the docker group. It is important to note that we must run this command as the root user.
Step 3: Restart the Docker daemon
Next, we need to restart the Docker daemon to enable the new user to access the Docker socket. We can use the following command to restart the Docker daemon:
$ sudo systemctl restart docker
This command will restart the Docker daemon and make the Docker socket accessible to the new user.
Step 4: Configure the Docker service to use the new user
Now, we have added a new user to Docker, but we also need to configure the Docker service to use that user. We can use the following command to edit the Docker system service:
$ sudo vim /etc/systemd/system/multi-user.target.wants/docker.service
This command will open the Docker system service file for editing. In the file, we need to modify the following content:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
to:
ExecStart=/usr/bin/dockerd --group docker -H fd:// --containerd=/run/containerd/containerd.sock
This modification configures the Docker service to use the docker group. After saving and closing the file, we need to reload the Docker system service:
$ sudo systemctl daemon-reload $ sudo systemctl restart docker
Now, we have successfully designated the non-root user as the default user and can run the Docker container.
Summary
Docker is the default setting to use the root user to run containers, which may have security issues. Therefore, we should learn how to add users for Docker and disable the root user. During the operation, we created a new non-root user, added it to the docker group, and finally configured the Docker service to use this user. In this way, we successfully increased Docker's security and protected our applications and system resources.
The above is the detailed content of How to add users to docker. For more information, please follow other related articles on the PHP Chinese website!

This article explains how to use the docker exec command to run commands within a running Docker container. It covers basic syntax, options (like -it for interactive use and -d for detached mode), shell access, common use cases (debugging, administr

This article explains Docker, a containerization platform simplifying application building, shipping, and running. It addresses the "it works on my machine" problem by packaging apps and dependencies into isolated containers, improving con

This article explains Docker, contrasting it with virtual machines. Docker uses containerization, sharing the host OS kernel for lightweight, resource-efficient application isolation. Key advantages include speed, portability, ease of deployment, a

The article details deploying applications to Docker Swarm, covering preparation, deployment steps, and security measures during the process.

Docker simplifies application building, shipping, and running via containerization. It offers consistent development environments, faster cycles, improved collaboration, and streamlined CI/CD, resulting in portable, scalable, and resource-efficient

This article explains Docker, a containerization platform simplifying application creation, deployment, and execution. It highlights Docker's benefits: improved efficiency, consistency, resource utilization, and streamlined deployment. Various use

The article explains Kubernetes' pods, deployments, and services, detailing their roles in managing containerized applications. It discusses how these components enhance scalability, stability, and communication within applications.(159 characters)

The article discusses scaling applications in Kubernetes using manual scaling, HPA, VPA, and Cluster Autoscaler, and provides best practices and tools for monitoring and automating scaling.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

EditPlus Chinese cracked version
Small size, syntax highlighting, does not support code prompt function

Dreamweaver Mac version
Visual web development tools

ZendStudio 13.5.1 Mac
Powerful PHP integrated development environment

SublimeText3 Mac version
God-level code editing software (SublimeText3)

mPDF
mPDF is a PHP library that can generate PDF files from UTF-8 encoded HTML. The original author, Ian Back, wrote mPDF to output PDF files "on the fly" from his website and handle different languages. It is slower than original scripts like HTML2FPDF and produces larger files when using Unicode fonts, but supports CSS styles etc. and has a lot of enhancements. Supports almost all languages, including RTL (Arabic and Hebrew) and CJK (Chinese, Japanese and Korean). Supports nested block-level elements (such as P, DIV),
