On Mon, Nov 9, 2015 at 12:40 PM, Akila Ravihansa Perera <[email protected]>
wrote:
>
>
> I don't think the entire script needs to be run in sudo mode. There are some
> maven build commands which, if run in sudo mode, will try to download artifacts
> for root user's maven repo space. Also there are some file copy commands which, if
> run in sudo mode, will mess up the ownership of folder structure.
>

Ideally bash scripts should not have sudos in the middle. This is a general
rule. Either the entire logic should run as sudo or none [1]. Otherwise the
final outcome of the script may have security implications.


> Removing sudo mode from docker build command is a bad idea since it forces
> users to either run in sudo mode or add Docker user to sudoers group which
> is a security risk.
>

Running docker commands in sudo mode is not mandatory. Maybe you noticed
this problem when running Docker on your local machine where both docker
daemon and client run on the same host. On OSX with boot2docker this
problem is not there. Therefore this logic is not generic.

More importantly [2] explains why root permission is needed and how sudo
can be avoided by adding the user to docker group (not sudoers group).

*The docker daemon always runs as the root user, and since Docker version
0.5.2, the docker daemon binds to a Unix socket instead of a TCP port. By
default that Unix socket is owned by the user root, and so, by default, you
can access it with sudo.*

*Starting in version 0.5.3, if you (or your Docker installer) create a Unix
group called docker and add users to it, then the docker daemon will make
the ownership of the Unix socket read/writable by the docker group when the
daemon starts. The docker daemon must always run as the root user, but if
you run the docker client as a user in the docker group then you don't need
to add sudo to all the client commands. As of 0.9.0, you can specify that a
group other than docker should own the Unix socket with the -G option.*


[1] http://askubuntu.com/questions/425754/how-do-i-run-sudo-command-inside-a-script/425990#425990
[2] http://askubuntu.com/questions/477551/how-can-i-use-docker-without-sudo

Thanks


>  Thanks.
>
>
>>
>>> Is anyone aware of how to execute docker termination from Docker
>>> Quickstart Terminal with sudo permission?
>>>
>> Try to do a sudo docker ps
>> sudo docker ps
>> sudo docker rm -f [container id]
>>
>> Thanks
>>
>>
>>> Thanks,
>>> Reka
>>>
>>> On Mon, Nov 9, 2015 at 8:05 PM, Gayan Gunarathne <[email protected]>
>>> wrote:
>>>
>>>> The command that we used to retrieve the configurator_version is not
>>>> working as we don't have a pom in the base-image. Maybe we get
>>>> the configurator_version from parent pom, but it seems that command is not
>>>> working when we point to the parent pom. We may not need to read
>>>> this configurator_version from the pom?
>>>>
>>>> [1]
>>>> https://github.com/wso2/private-paas-cartridges/blob/master/common/docker/base-image/build.sh#L25
>>>>
>>>> Thanks,
>>>> Gayan
>>>>
>>>> --
>>>>
>>>> Gayan Gunarathne
>>>> Technical Lead, WSO2 Inc. (http://wso2.com)
>>>> Committer & PMC Member, Apache Stratos
>>>> email : [email protected]  | mobile : +94 775030545
>>>>
>>>>
>>>>
>>>
>>>
>>>
>>> --
>>> Reka Thirunavukkarasu
>>> Senior Software Engineer,
>>> WSO2, Inc.:http://wso2.com,
>>> Mobile: +94776442007
>>>
>>>
>>>
>>
>>
>> --
>> *Imesh Gunaratne*
>> Senior Technical Lead
>> WSO2 Inc: http://wso2.com
>> T: +94 11 214 5345 M: +94 77 374 2057
>> W: http://imesh.gunaratne.org
>> Lean . Enterprise . Middleware
>>
>>
>
>
> --
> Akila Ravihansa Perera
> WSO2 Inc.;  http://wso2.com/
>
> Blog: http://ravihansa3000.blogspot.com
>



-- 
*Imesh Gunaratne*
Senior Technical Lead
WSO2 Inc: http://wso2.com
T: +94 11 214 5345 M: +94 77 374 2057
W: http://imesh.gunaratne.org
Lean . Enterprise . Middleware
_______________________________________________
Dev mailing list
[email protected]
http://wso2.org/cgi-bin/mailman/listinfo/dev
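
Added example, not part of the original thread or of the project's build.sh: a preflight check based on the socket-ownership behaviour quoted above, which lets a script decide once, before doing any work, whether it needs root to reach the Docker daemon. The function name `docker_access`, its result names and the default socket path `/var/run/docker.sock` are assumptions made for this illustration.

```shell
#!/bin/sh
# Added example: classify how the calling user can reach the Docker daemon.
# docker_access and its result names are hypothetical, not part of build.sh.

# docker_access [DOCKER_HOST value] [default socket path]
# Prints one of: remote | direct | needs-root | missing
docker_access() {
    host=$1
    sock=${2:-/var/run/docker.sock}        # assumed default location
    case $host in
        unix://*) sock=${host#unix://} ;;   # local daemon on a custom socket
        *://*)    echo remote; return 0 ;;  # e.g. tcp:// to a boot2docker VM:
                                            # local sudo changes nothing there
    esac
    if [ ! -S "$sock" ]; then
        echo missing; return 1              # no daemon socket at this path
    fi
    # The daemon creates the socket owned by root and, when the group exists,
    # read/writable by the "docker" group. -r/-w are evaluated for the calling
    # user, so this succeeds for root and for members of the owning group.
    if [ -r "$sock" ] && [ -w "$sock" ]; then
        echo direct; return 0
    fi
    echo needs-root; return 2
}

# Print the classification for the current environment. A script would branch
# on it and stop with a clear message instead of calling sudo mid-run.
# Note: access through the docker group is root-equivalent on that host,
# because the daemon behind the socket runs as root.
docker_access "${DOCKER_HOST:-}" || true
```
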
