1.1 KiB
swarmlab-linux
1. Install docker INFO:
Docker group membership is more dangerous than sudo
The Docker daemon has setUID root, and by design allows easy access as root to the host filesystem. This makes it trivial for a malicious user to read and alter sensitive system files, or for a careless user to allow a malicious containerized app to do so. Access to Docker commands effectively grants full root power.
Also, Docker doesn't have any equivalent to sudo's password check, which means that a successful arbitrary-code-execution exploit against a user who is in the docker group effectively grants the attacker root. Thus, the safer choice is to never add a user account — even your own — to the docker group, so that Docker commands can only be used via sudo.
INSTALL: https://docs.docker.com/engine/install/debian/