Book Image

The Docker Workshop

By : Vincent Sesto, Onur Yılmaz, Sathsara Sarathchandra, Aric Renzo, Engy Fouda
5 (3)
Book Image

The Docker Workshop

5 (3)
By: Vincent Sesto, Onur Yılmaz, Sathsara Sarathchandra, Aric Renzo, Engy Fouda

Overview of this book

No doubt Docker Containers are the future of highly-scalable software systems and have cost and runtime efficient supporting infrastructure. But learning it might look complex as it comes with many technicalities. This is where The Docker Workshop will help you. Through this workshop, you’ll quickly learn how to work with containers and Docker with the help of practical activities.? The workshop starts with Docker containers, enabling you to understand how it works. You’ll run third party Docker images and also create your own images using Dockerfiles and multi-stage Dockerfiles. Next, you’ll create environments for Docker images, and expedite your deployment and testing process with Continuous Integration. Moving ahead, you’ll tap into interesting topics and learn how to implement production-ready environments using Docker Swarm. You’ll also apply best practices to secure Docker images and to ensure that production environments are running at maximum capacity. Towards the end, you’ll gather skills to successfully move Docker from development to testing, and then into production. While doing so, you’ll learn how to troubleshoot issues, clear up resource bottlenecks and optimize the performance of services. By the end of this workshop, you’ll be able to utilize Docker containers in real-world use cases.
Table of Contents (17 chapters)
Preface

Privileged and Root User Access in Containers

One important way to improve the security of your containers is to reduce what an attacker can do if they manage to gain access. The types of command the attacker can run on the container are limited to the level of access the user who is running the processes on the container has. So, if there are no root or elevated privileges on the running container, this limits what the attacker can do. Another thing to remember is that if a container is compromised and is running as the root user, this may also allow the attacker to escape the container and access the host system running Docker.

Most processes running on the container are applications that don't need root access, and this is the same as running processes on a server, where you would not run them as root either. The applications running on the container should only have access to what they need. The reason why root access is provided, especially in base images, is because applications...