donatello
commented
6 years ago - Whether sudo is required or not is related to the docker setup on the user's machine, and not related to the docker command used to retrieve the logs itself.
Closed donatello closed 6 years ago
donatello
commented
6 years ago donatello
commented
6 years ago There is no harm to add sudo even if its running as privileged user.
Using sudo is not good practice. Any program that is known to be safe can be run as root, but this is discouraged for all the usual reasons (encourages users to solve permission issues by simply running as root).
Most of the time, current user is not added to docker user.
This was true in the early days - the support to run docker without root has been around for more than 2 years by now. The default Ubuntu/Linux install instructions for Docker specify how to run docker without root.
Current approach is safe for copy/paste.
This is irrelevant. I think what you meant is that it is convenient. However, no convenience is lost if the user just did the post install steps - https://docs.docker.com/engine/installation/linux/linux-postinstall/
balamurugana
commented
6 years ago Using sudo is not good practice. Any program that is known to be safe can be run as root, but this is discouraged for all the usual reasons (encourages users to solve permission issues by simply running as root).
Direct root account usage is disabled long time ago. See https://help.ubuntu.com/community/RootSudo
This was true in the early days - the support to run docker without root has been around for more than 2 years by now. The default Ubuntu/Linux install instructions for Docker specify how to run docker without root.
Current approach is safe for copy/paste.This is irrelevant. I think what you meant is that it is convenient. However, no convenience is lost if the user just did the post install steps - https://docs.docker.com/engine/installation/linux/linux-postinstall/
Note that ubuntu doesn't add any user into docker group by default. Steps https://docs.docker.com/engine/installation/linux/linux-postinstall/ is done separately after sudo apt install docker-ce and users in docker group know to eliminate sudo and interesting warning in the link is
Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.Direct root account usage is disabled long time ago. See https://help.ubuntu.com/community/RootSudo
I don't understand. This is an unrelated point. I didn't say anything about logging in as root. To clarify my earlier point, a sudo user (e.g. the owner of a laptop with ubuntu installed) can run any program with root privileges by prefixing the command with "sudo". Though it is safe to run many programs as root (again, by prefixing the command with sudo), it is discouraged, as it encourages insecure practices such as solving permissions issues by using the sudo hammer.
Note that ubuntu doesn't add any user into docker group by default. Steps https://docs.docker.com/engine/installation/linux/linux-postinstall/ is done separately after sudo apt install docker-ce and users in docker group know to eliminate sudo and interesting warning in the link is
Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Yes, again obviously docker does not do this automatically as it is not inherently safe to run docker with root privileges (by adding it to docker group). This is why it is left to the user to decide their own level of tolerance to run untrusted programs. It is the same with mint. We do not guarantee it is safe - we should not recommend users to run it as root - especially when it is not strictly required.