On Thu, Feb 04, 2016 at 10:19:16AM -0500, Prasun Gera wrote:
> I am trying to set up a docker image with a specific development
> environment. We use idm 4.2 for authentication, and non-kerberized nfs
> (including home) for data storage on the hosts.

Are the hosts IPA-enrolled?

> The goal is to run the
> docker container such that when the user calls docker run,

Is any user allowed to run docker run? That seems like a security

> it just drops
> into a shell with the container's environment, but everything else looks
> largely the same. i.e. The user gets the same uid:gid and sees the same
> directories and permissions as the host.

So you want bash started in the container, with the uid:gid of the
person invoking the command? If the users are trusted to do docker
run, they can do

        docker run -u $UID container bash


But you likely do not want to give every user a way to run any command,
why not just use sudo, and

        docker run -u $SUDO_UID container bash

in the script invoked with the sudo (untested)?

Jan Pazdziora
Senior Principal Software Engineer, Identity Management Engineering, Red Hat
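
The sudo-invoked script suggested in the reply above, written out as an added example (not part of the original message and not the poster's code). The `shell` argument, the `user_spec` and `is_numeric_id` helpers, and passing the gid from `SUDO_GID` are assumptions; `container` is the placeholder image name used in the thread.

```shell
#!/bin/sh
# Added example: wrapper that users are allowed to run through sudo instead
# of being given direct access to "docker run".
# IMAGE is the placeholder image name from the thread.
IMAGE="container"

# Accept only a plain decimal id; reject empty, signed or non-numeric values
# so nothing in the variable can be read by docker as an extra option.
is_numeric_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) return 0 ;;
    esac
}

# Print the "uid:gid" value for "docker run -u", or return 1.
# Arguments: the invoking user's uid and gid (normally SUDO_UID, SUDO_GID,
# which sudo sets to the ids of the user who called it).
user_spec() {
    uid=$1
    gid=$2
    if ! is_numeric_id "$uid" || ! is_numeric_id "$gid"; then
        echo "refusing: not invoked through sudo" >&2
        return 1
    fi
    # root calling sudo has SUDO_UID=0; do not hand out a uid 0 shell.
    if [ "$uid" -eq 0 ]; then
        echo "refusing: uid 0" >&2
        return 1
    fi
    echo "$uid:$gid"
}

# Acts only when called with the single argument "shell" (assumed
# convention), so sourcing this file has no side effects.
if [ "${1:-}" = "shell" ]; then
    spec=$(user_spec "${SUDO_UID:-}" "${SUDO_GID:-}") || exit 1
    # Image and command are fixed; none of the caller's arguments reach docker.
    exec docker run --rm -it -u "$spec" "$IMAGE" bash
fi
```

The sudo rule would then permit only this script, so users get a shell under their own uid:gid without being able to choose the image, the command or other `docker run` options.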
