Closed (jackm closed 5 years ago)
Hi there. Are you referring to the docker group? If yes: I think using this group is bad practice since it essentially allows sudo without a password. For more information check https://fosterelli.co/privilege-escalation-via-docker.html
Greetings
That is true, however using Linux namespaces with docker is a thing and remaps the root user inside a docker container so that it does not have the same privilege on the host system. If you're looking to actually secure docker on a shared system then this is the way to go.
The user namespace settings can be controlled from the command line, which also includes turning user namespacing off entirely and thus gaining root again. So, as for having docker be available to users without any kind of previous (and authenticated) privilege escalation, that is still as bad an idea as setting your uid to 0.
However, I would still argue to remove the sudo commands from the makefile, mainly because it should be up to the user to choose the privilege escalation method. In other words, I'd recommend running sudo make instead of hardcoding sudo into the makefile, as it allows swapping out sudo for su/pkexec/machinectl or whatever.
Also, one could have a setup where the docker client controls docker running within a virtual machine that is itself unprivileged. If one trusts the hardware virtualization of modern CPUs, that might actually be a reason not to require elevated privileges for docker.
If docker is set up properly (see Docker Linux post-install steps), there is no need to use sudo when executing docker commands. It is better practice to not use sudo when it isn't necessary.
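An added example, not part of the thread or the project's code: a small host audit that lists which accounts are in the docker group and whether they already hold sudo rights, reflecting the point above that a userns-remap default does not change the verdict because a client can opt out per container. The sample `/etc/group` and `daemon.json` contents are constructed, and the `sudo` group name is an assumption (Debian-style hosts).

```python
import json

# Constructed sample inputs (not taken from any real host).
SAMPLE_GROUP = """\
root:x:0:
sudo:x:27:alice
docker:x:998:alice,ci-runner
users:x:100:bob
"""
SAMPLE_DAEMON_JSON = '{"userns-remap": "default"}'


def group_members(group_text, name):
    """Return supplementary members of `name` from /etc/group-format text.

    Accounts whose *primary* gid is the group are not listed in /etc/group
    and would need a separate /etc/passwd check.
    """
    for line in group_text.splitlines():
        fields = line.strip().split(":")
        if len(fields) == 4 and fields[0] == name:
            return [m for m in fields[3].split(",") if m]
    return []


def audit(group_text, daemon_json_text="{}"):
    """List accounts that can drive the Docker daemon without authenticating."""
    cfg = json.loads(daemon_json_text or "{}")
    remap = bool(cfg.get("userns-remap"))
    sudoers = set(group_members(group_text, "sudo"))  # assumed admin group name
    findings = []
    for user in group_members(group_text, "docker"):
        findings.append({
            "user": user,
            # Group members reach the daemon socket with no password prompt.
            "root_equivalent": True,
            # userns-remap is only a daemon default: a client may opt out per
            # container (docker run --userns=host), so it is reported but does
            # not downgrade the finding.
            "userns_remap_default": remap,
            # Accounts without sudo rights are the ones worth reviewing first.
            "also_in_sudo_group": user in sudoers,
        })
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_GROUP, SAMPLE_DAEMON_JSON):
        print(finding)
```

On a real host, pass the contents of `/etc/group` and `/etc/docker/daemon.json` to `audit()` instead of the samples.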