Reputation: 19
I have two Linux users, named ubuntu and my_user. Now I build a simple Docker image and also run the Docker container. In my docker-compose.yml, I volume mount some of the files from the local machine to the container, which were created by the 'ubuntu' user.
Now if I log in as 'my_user' and access the Docker container created by the 'ubuntu' user using the docker exec command, then I am able to access any files that are present in the container.
My requirement is to restrict 'my_user' from accessing the content of the Docker container that was created by the 'ubuntu' user.
Upvotes: 1
Views: 5426
Reputation: 2190
You could install and run an sshd in that container, map port 22 to an available host port and manage the user accessibility via ssh keys. This would not allow the user to manage things via docker commands but would give that user access to that container.
Upvotes: 0
Reputation: 79
@surabhi, there is only the option to restrict file access by adding fields in the docker-compose file.
read_only: flag to set the volume as read-only
nocopy: flag to disable copying of data from a container when a volume is created
You can find more information here
Upvotes: 0
Reputation: 42040
This is not possible to achieve currently. If your user can execute Docker commands, it means effectively that the user has root privileges, therefore it's impossible to prevent this user from accessing any files.
Upvotes: 1
Reputation: 1
You can add "ro", which means read-only, after the data volume, like this:
HOST:CONTAINER:ro
Or you can add ReadOnly properties in your docker-compose.yml
Here is an example of how to specify read-only containers in docker-compose:
Upvotes: 0
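The read-only options named in the answers above, collected into one docker-compose.yml. This is an added example, not code posted by any participant; the service name, image, host path and volume name are assumptions.

```yaml
# Constructed example; service name, image and paths are placeholders.
services:
  app:
    image: alpine
    command: ["sleep", "infinity"]
    # Service-level flag: the container's root filesystem is mounted read-only.
    read_only: true
    # Writable scratch space, needed because the root filesystem is read-only.
    tmpfs:
      - /tmp
    volumes:
      # Short syntax HOST:CONTAINER:ro, a bind mount that is read-only in the container.
      - ./config:/etc/app:ro
      # Long syntax: read_only applies to this mount, nocopy sits under the volume options.
      - type: volume
        source: app_data
        target: /data
        read_only: true
        volume:
          nocopy: true

volumes:
  app_data:
```

These settings limit what processes inside the container can write; they do not change which host users can run docker exec against the container.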