3

I want to use docker-machine to deploy containers on a Debian 9 server from my local computer.

I followed instructions from this page, which clearly indicates:

If you are using « sudo » on the host, make sure you configure passwordless sudo:

# visudo
%sudo   ALL=(ALL) NOPASSWD:ALL

In addition, the Docker documentation for the generic docker-machine driver mentions the same:

Sudo privileges

The user that is used to SSH into the host can be specified with --generic-ssh-user flag. This user needs password-less sudo privileges. If it’s not the case, you need to edit the sudoers file and configure the user as a sudoer with NOPASSWD

I'm not an expert, but I feel something is wrong here... Doesn't allowing a user on a production server to execute any command without password open a security breach? Or am I missing something?

Antwane

1 Answer

0

3 months later, I think I have an answer to my own question. It appears that the passwordless configuration is needed only when the production server is first registered in docker-machine.

Once the command docker-machine create --driver generic [...] has been successfully entered, docker-machine is able to connect to the remote host using a socket on port 2376, and sudo is not used anymore on the production server.

In other words, the passwordless sudo configuration should be present for a few seconds on the server, and may be disabled later.

Antwane
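
A check for the clean-up step this answer describes, as an added example that is not part of the original post: a shell function that scans sudoers text for rules granting NOPASSWD on ALL commands, like the %sudo line quoted in the question. The function name find_blanket_nopasswd is hypothetical, and the check is a plain text match that does not resolve command aliases.

```shell
#!/bin/sh
# Added example: report sudoers rules that grant NOPASSWD on ALL commands,
# such as the "%sudo ALL=(ALL) NOPASSWD:ALL" line quoted in the question.
# On the server, as root, after docker-machine create has finished:
#   find_blanket_nopasswd /etc/sudoers /etc/sudoers.d/*
# Prints "file:line: rule" per match; exit status is 1 if any rule matched.
# Limitation: text match only, a Cmnd_Alias that expands to ALL is not seen.

find_blanket_nopasswd() {
    awk '
        FNR == 1 { buf = "" }
        {
            line = $0
            if (buf == "") start = FNR
            # Join continuation lines (trailing backslash) into one rule.
            if (line ~ /\\$/) { sub(/\\$/, "", line); buf = buf line; next }
            rule = buf line
            buf = ""
            if (rule ~ /^[ \t]*$/) next
            # "#" starts a comment unless it introduces a numeric uid (#1000).
            if (rule ~ /^[ \t]*#/ && rule !~ /^[ \t]*#[0-9]+[ \t]/) next
            if (rule ~ /^[ \t]*@include/) next
            # Defaults and alias definitions are not user specifications.
            if (rule ~ /^[ \t]*(Defaults|[A-Za-z]+_Alias)/) next
            # A trailing "," sentinel lets one pattern cover end of line,
            # a following list item, or a trailing comment after ALL.
            probe = rule ","
            if (probe ~ /NOPASSWD[ \t]*:[ \t]*([A-Z]+[ \t]*:[ \t]*)*ALL[ \t]*[,#]/) {
                printf "%s:%d: %s\n", FILENAME, start, rule
                found = 1
            }
        }
        END { exit (found ? 1 : 0) }
    ' "$@"
}
```

A rule limited to specific commands (for example NOPASSWD: followed by a single binary path) is not reported; only the ALL keyword is.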