Docker is currently a popular container technology, which allows developers to easily build, run and maintain applications. However, when using Docker, you need to pay attention to the permission issues when the container is running. By default, Docker executes containers by using the root user, which may present security risks. Therefore, we need to learn how to add users to Docker, that is, specify the non-root user as the default user.
Why do you need to add users to Docker?
Docker’s security is very important. Especially when we use Docker to host production applications, we must be very careful because application containers may carry sensitive information that can lead to data leakage or corruption. So, in this case, we cannot run the Docker container using the root user. Otherwise, malicious code in any container can access system resources on the host machine, which is very dangerous.
So, in order to solve this problem, we should use non-root users to run Docker containers. This will increase the security of the system and improve our security when using Docker.
How to add users to Docker?
The Docker runtime is set to the root user by default. If we need to specify a non-root user as the default user, we need to follow the following steps:
Step 1: Create a non-root user
We need to create a new non-root user and disable the local root user. We can create a new user using the following command:
$ sudo adduser <username></username>
This command specifies the username of the new user as
Step 2: Add the new user to the docker group
Now, we have created a new non-root user, but we also need to add it to the Docker group to allow the User accesses Docker socket. We can add a user to the docker group using the following command:
$ sudo usermod -aG docker <username></username>
This command adds a new user to the docker group. It is important to note that we must run this command as the root user.
Step 3: Restart the Docker daemon
Next, we need to restart the Docker daemon to enable the new user to access the Docker socket. We can use the following command to restart the Docker daemon:
$ sudo systemctl restart docker
This command will restart the Docker daemon and make the Docker socket accessible to the new user.
Step 4: Configure the Docker service to use the new user
Now, we have added a new user to Docker, but we also need to configure the Docker service to use that user. We can use the following command to edit the Docker system service:
$ sudo vim /etc/systemd/system/multi-user.target.wants/docker.service
This command will open the Docker system service file for editing. In the file, we need to modify the following content:
ExecStart=/usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
to:
ExecStart=/usr/bin/dockerd --group docker -H fd:// --containerd=/run/containerd/containerd.sock
This modification configures the Docker service to use the docker group. After saving and closing the file, we need to reload the Docker system service:
$ sudo systemctl daemon-reload $ sudo systemctl restart docker
Now, we have successfully designated the non-root user as the default user and can run the Docker container.
Summary
Docker is the default setting to use the root user to run containers, which may have security issues. Therefore, we should learn how to add users for Docker and disable the root user. During the operation, we created a new non-root user, added it to the docker group, and finally configured the Docker service to use this user. In this way, we successfully increased Docker's security and protected our applications and system resources.
The above is the detailed content of How to add users to docker. For more information, please follow other related articles on the PHP Chinese website!

A Data Volume Container is a Docker container that stores and manages persistent data. Using a data volume container includes: 1. Create a data volume container; 2. Mount a data volume; 3. Use a data volume in the container. Advantages: persistence, shared data, backup and recovery; Disadvantages: performance, portability.

Docker LNMP container call steps: Run the container: docker run -d --name lnmp-container -p 80:80 -p 443:443 lnmp-stack to get the container IP: docker inspect lnmp-container | grep IPAddress access website: http://<Container IP>/index.phpSSH access: docker exec -it lnmp-container bash access MySQL: mysql -u roo

You can use a variety of methods provided by Docker to find containers, including: Docker CLI: Use commands such as docker ps to list containers and use filters to narrow down searches. Docker API: Send a request to retrieve container information. Docker Compose: Use commands such as docker-compose ps to list containers. Docker Tools: Use tools such as Docker Explorer or Portainer to manage containers in a graphical interface. Container ID: Use a unique ID to find containers with the Docker CLI, API, or tool.

Resolve Docker startup failure: 1. Run Docker with root user permissions; 2. Check port conflicts and adjust port numbers; 3. Clean unused images and volumes to free up storage space; 4. Increase memory allocated by Docker; 5. Install required dependencies; 6. Check the correctness of volume mounts; 7. View container logs for error information; 8. Update the kernel version to comply with Docker requirements.

You can build Docker private repositories to securely store and manage container images, providing strict control and security. The steps include: creating a repository, granting access, deploying a repository, pushing an image, and pulling an image. Advantages include security, version control, reduced network traffic and customization.

How to edit files in Docker container: Running container: Docker Exec: docker exec -it <container-id> /bin/bashDocker-compose Exec: docker-compose exec <service-name> /bin/bash Direct editing: cat /path/to/file | docker exec -i <container-id> tee /path/

To migrate a Docker container, perform the following steps: Save the container image: Use the docker commit command. Generate container manifest: Use the docker inspect command. Load the image on the target machine: Use the docker load command. Create a new container: Use the docker create command. Start a new container: Use the docker start command.

Configuring MySQL in Docker involves the following steps: Create a Docker image based on the official MySQL image. Start the container and specify the MySQL root password, database name, and port mapping. Use the docker exec command to connect to the container and configure it using the MySQL command line interface.


Hot AI Tools

Undresser.AI Undress
AI-powered app for creating realistic nude photos

AI Clothes Remover
Online AI tool for removing clothes from photos.

Undress AI Tool
Undress images for free

Clothoff.io
AI clothes remover

AI Hentai Generator
Generate AI Hentai for free.

Hot Article

Hot Tools

SublimeText3 Chinese version
Chinese version, very easy to use

SAP NetWeaver Server Adapter for Eclipse
Integrate Eclipse with SAP NetWeaver application server.

Dreamweaver Mac version
Visual web development tools

Safe Exam Browser
Safe Exam Browser is a secure browser environment for taking online exams securely. This software turns any computer into a secure workstation. It controls access to any utility and prevents students from using unauthorized resources.

MinGW - Minimalist GNU for Windows
This project is in the process of being migrated to osdn.net/projects/mingw, you can continue to follow us there. MinGW: A native Windows port of the GNU Compiler Collection (GCC), freely distributable import libraries and header files for building native Windows applications; includes extensions to the MSVC runtime to support C99 functionality. All MinGW software can run on 64-bit Windows platforms.