What should I know if I'm going to run on a publicly accessible ?


I'm asking because I see this warning: "Adding a user to the “docker” group grants them the ability to run containers which can be used to obtain root privileges on the Docker host. Refer to Docker Daemon Attack Surface for more information."


@celia that warning is for companies who should be aware that adding Bob to docker is kind of the same as giving them root privileges, which is probably a bad idea if it was done just for convenience.

In your case I would assume you have control of the VPS, the root and your own user may have that privilege. And you would not harm your own VPS.

@celia @esparta Yeah, shouldn't be an issue if you're the sole user/administrator. (Just remember any additional `docker` group member is able to run and control any and all containers, also those "created" by other users, and, through volumes, is essentially given root FS access.) Also, if you ever plan on adding other users and services, you might wanna look into namespaced/rootless Docker.

@celia I would be more concerned about what you expose to the world: a node http app? I would put a real webserver in front (such as nginx), and stuff like that.
