Allow running Docker without sudo

[prihoda]

Some users actually don't have root (sudo) access and they can still use Docker. You could provide an option not to use sudo or figure it out automatically somehow (e.g. by checking if you can run docker without it first).

[mattiat]

Thank you, David!

This is a very good suggestion, I will check automatically and run sudo docker or just docker depending on whether the user has set up his/her system.

PS: I read about security concerns when it comes to running Docker without sudo... Do you have an opinion?

[prihoda]

PS: I read about security concerns when it comes to running Docker without sudo... Do you have an opinion?

I know about the risk of getting root access through Docker (just on Linux machines, not on Windows or OSX), but that will depend on user setup. If the user is added to the docker group, it enables running without sudo, but also makes root privilege escalation possible. But then, using or not using sudo itself does not change this fact. If the user is member of the docker group, the privilege escalation is possible both with or without sudo.

[mattiat]

I fully agree, the choice of allowing docker to run without sudo would be the user's responsibility. I am a little swamped at the moment (we are submitting a paper to publish the method). If you are interested in writing a few lines, do let me know: other users are writing features, we are not jealous about code ownership! Otherwise, no problem we will try to implement it soon.

[gaspanico]

In case someone else stumbles into this problem:

I was able to run MONET without root privileges (but with rootless Docker set up on the Linux Ubuntu server) by manually editing the ~/.monet/monet script, removing sudo from the lines where it is prepended to the docker command:

Line 404: sudo docker build -t $docker_reference "$install_dir"/containers/"$method"/docker \ Line 409: sudo docker rm "$method"-container > /tmp/docker_rm_output 2>&1 Line 412: sudo docker run --name "$method"-container \