kotovalexarian-likes-github/moby--moby
1
0
Fork 0
mirror of https://github.com/moby/moby.git synced 2022-11-09 12:21:53 -05:00
Code Releases Activity

Fixed sudo section to match Debian installation doc

Browse source 
Docker-DCO-1.1-Signed-off-by: James Turnbull <james@lovedthanlost.net> (github: jamtur01)
This commit is contained in:
James Turnbull 2014-05-18 18:55:58 -04:00
parent 88afc8992f
commit f8974b5cfc
1 changed files with 13 additions and 16 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

29
docs/sources/installation/ubuntulinux.md
View file

@ -169,26 +169,23 @@ World*](/examples/hello_world/#hello-world) example.
### Giving non-root access ### Giving non-root access
The `docker` daemon always runs as the root user, The `docker` daemon always runs as the `root` user, and since Docker
and since Docker version 0.5.2, the `docker` daemon version 0.5.2, the `docker` daemon binds to a Unix socket instead of a
binds to a Unix socket instead of a TCP port. By default that Unix TCP port. By default that Unix socket is owned by the user `root`, and
socket is owned by the user *root*, and so, by default, you can access so, by default, you can access it with `sudo`.
it with `sudo`.
Starting in version 0.5.3, if you (or your Docker installer) create a Starting in version 0.5.3, if you (or your Docker installer) create a
Unix group called *docker* and add users to it, then the Unix group called `docker` and add users to it, then the `docker` daemon
`docker` daemon will make the ownership of the Unix will make the ownership of the Unix socket read/writable by the `docker`
socket read/writable by the *docker* group when the daemon starts. The group when the daemon starts. The `docker` daemon must always run as the
`docker` daemon must always run as the root user, `root` user, but if you run the `docker` client as a user in the
but if you run the `docker` client as a user in the `docker` group then you don't need to add `sudo` to all the client
*docker* group then you don't need to add `sudo` to commands. From Docker 0.9.0 you can use the `-G` flag to specify an
all the client commands. As of 0.9.0, you can specify that a group other alternative group.
than `docker` should own the Unix socket with the
`-G` option.
> **Warning**: > **Warning**:
> The *docker* group (or the group specified with `-G`) is > The `docker` group (or the group specified with the `-G` flag) is
> root-equivalent; see [*Docker Daemon Attack Surface*]( > `root`-equivalent; see [*Docker Daemon Attack Surface*](
> /articles/security/#dockersecurity-daemon) details. > /articles/security/#dockersecurity-daemon) details.
**Example:** **Example:**