I am thinking about providing docker hosting for some of my customers. I would give these customers access via ssh to my server, allowing the execution of docker, docker-compose, git, nano and the usual file system operations.

Obviously these users would only have access to their own directories in which they then can download their git repositories with their docker-compose files and configurations. Users can register their docker containers with our traefik load balancer using docker labels.

Thus far, this approach is quite production ready.

However, as I can enter basically every local mount point in a docker-compose.yml, the user could just mount directories from other users, and thus I have created a data breach. Is there any way to limit which directories people are allowed to mount in their respective docker-compose files (or with the docker CLI)? To be clear, this is with the same docker installation and different users: each user should only be allowed to mount directories under their own root in their containers.

Also, is there a way to disallow exposing ports to the host for docker containers started by specific users?

Tobi

[Docker root access to host system](https://stackoverflow.com/questions/41991905/docker-root-access-to-host-system) has some discussion of user namespace remapping, which might mitigate some of this. – David Maze Apr 08 '23 at 00:39

1 Answer

Giving someone access to the regular Docker daemon is equivalent to giving them root access on your server. If you'd prefer a different model, you could look into podman or Docker's rootless mode, although I don't know how well either of those solutions will work with docker-compose.

Another alternative is to set up Kubernetes, which at the cost of some complexity gives you much finer grained control over access to host resources.

larsks
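
An audit for the two restrictions asked about in the question (bind mounts confined to a per-user root, no ports published to the host), added here as an example that is not part of the original question or answer. It reads `docker inspect` JSON after the fact, so it detects violations rather than preventing them; the sample JSON, the `/home/alice` root and the function names are constructed for illustration.

```python
import json
import posixpath

# Constructed sample in the shape of `docker inspect <container>` output.
SAMPLE = json.loads("""
[
 {"Name": "/alice_web",
  "HostConfig": {"Binds": ["/home/alice/app/conf:/etc/app:ro", "dbdata:/var/lib/db"],
                 "PortBindings": {}, "Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/home/alice/app/conf", "Destination": "/etc/app"}]},
 {"Name": "/alice_job",
  "HostConfig": {"Binds": ["/home/alice/../bob/site:/srv", "/home/alice2/x:/x"],
                 "PortBindings": {"80/tcp": [{"HostIp": "", "HostPort": "8080"}]},
                 "Privileged": false},
  "Mounts": []}
]
""")

def inside(path, root):
    """True if path equals root or lies below it once '.' and '..' are collapsed."""
    path, root = posixpath.normpath(path), posixpath.normpath(root)
    return path == root or path.startswith(root.rstrip("/") + "/")

def audit_container(info, allowed_root):
    """Findings for one inspect object (path strings only, symlinks are not resolved)."""
    findings = []
    host = info.get("HostConfig") or {}
    # Bind sources show up in HostConfig.Binds ("src:dst[:opts]") and in Mounts.
    sources = [b.split(":")[0] for b in host.get("Binds") or []]
    sources += [m.get("Source", "") for m in info.get("Mounts") or []
                if m.get("Type") == "bind"]
    # Entries without a leading "/" are named volumes, not host paths.
    for src in sorted({posixpath.normpath(s) for s in sources if s.startswith("/")}):
        if not inside(src, allowed_root):
            findings.append(f"bind mount outside {allowed_root}: {src}")
    for port, bindings in (host.get("PortBindings") or {}).items():
        for b in bindings or []:
            findings.append(f"host port {b.get('HostPort')} published for {port}")
    if host.get("PublishAllPorts"):
        findings.append("all exposed ports published to the host")
    if host.get("Privileged"):
        findings.append("privileged container")
    return findings

if __name__ == "__main__":
    for c in SAMPLE:
        for f in audit_container(c, "/home/alice") or ["ok"]:
            print(c["Name"], f)
```

The second sample container shows why the comparison is done on normalized paths with a trailing separator: `/home/alice/../bob/site` and `/home/alice2/x` both begin with the string `/home/alice` but lie outside that directory.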