sunhux
asked on
Group/world writable folders esp under docker
refer to attached list of group/world writable folders:
many of them are under docker dir & some are owned by ftp.
Q1:
is it ok to remove group writable permission?
Q2:
Those files owned by ftp: can we amend to be owned by root?
gwrifold.zip
many of them are under docker dir & some are owned by ftp.
Q1:
is it ok to remove group writable permission?
Q2:
Those files owned by ftp: can we amend to be owned by root?
gwrifold.zip
Q1: can we set the owner of the unowned files to root:root ?
Your Docker setup appears to be correctly running Docker containers as unprivileged meaning the container files are owned by some random uid/gid, which in your case looks to have a base uid == 1000.
You can make any change you like, as your logged in as root.
And if you make the change you just described all Docker code will instantly crash, because from a system level, you just changed all the files to root:root. From a container level high uid number like 1001 appear as root from inside the container.
How all this is managed is a long conversation. If you care, you can read up on how Docker manages containers to ensure security.
Q2: Those files owned by ftp: can we amend to be owned by root?
This is similar to Q1. You can change anything you like + you may completely break your ability to use FTP on your machine.
Your Docker setup appears to be correctly running Docker containers as unprivileged meaning the container files are owned by some random uid/gid, which in your case looks to have a base uid == 1000.
You can make any change you like, as your logged in as root.
And if you make the change you just described all Docker code will instantly crash, because from a system level, you just changed all the files to root:root. From a container level high uid number like 1001 appear as root from inside the container.
How all this is managed is a long conversation. If you care, you can read up on how Docker manages containers to ensure security.
Q2: Those files owned by ftp: can we amend to be owned by root?
This is similar to Q1. You can change anything you like + you may completely break your ability to use FTP on your machine.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER