Table of Contents

  1. Adding privileges to directory for non-root user
    1. Problem description
      1. Install acl package
      2. Add privileges to /var/lib/docker/
      3. Add recursively privileges to /var/lib/docker/volumes
      4. Inspect directory access control list
    2. Links

Adding privileges to directory for non-root user

Problem description

Let’s imagine we want to give a non-root user access to a directory owned by root. Let it be /var/lib/docker/volumes/.

The easiest approach is as follows:

Install acl package

sudo apt install acl

With the commands from this package we can easily view and edit privileges on files and directories.

Add privileges to /var/lib/docker/

Adding privileges only to /var/lib/docker/volumes would not give us access to it, because we would still be blocked at the /var/lib/docker/ level, so we need to give access to that directory as well. Note that we do not use the -R modifier here because:

  1. we don’t want the user to have access to everything inside docker/
  2. with -R, running this command may take a very long time

    cd /var/lib/
    sudo setfacl -m u:USERNAME:rwx docker/

Add recursively privileges to /var/lib/docker/volumes

Now we do use the -R modifier:

sudo setfacl -R -m u:USERNAME:rwx docker/volumes/

Now we can…

Inspect directory access control list

getfacl /var/lib/docker/volumes/
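To check what the two setfacl grants above actually allow, the getfacl output can be reduced to the named entries and their effective permissions. This is an added example, not part of the original page: the function names are hypothetical and the sample getfacl output is constructed. It goes slightly beyond the steps above by applying the ACL mask to each entry.

```shell
# Added example (not from the original page); function names are hypothetical.
# Reads `getfacl` text on stdin and prints one line per named user/group
# entry: file<TAB>tag:name<TAB>effective permissions (entry AND mask).
# Default ("default:") entries are skipped.
acl_named_entries() {
    awk '
    function flush(   i, j, eff) {
        for (i = 1; i <= n; i++) {
            eff = ""
            for (j = 1; j <= 3; j++)
                eff = eff ((substr(mask, j, 1) == "-") ? "-" : substr(perm[i], j, 1))
            print file "\t" who[i] "\t" eff
        }
        n = 0; mask = ""
    }
    /^# file: /                  { flush(); file = substr($0, 9); next }
    /^#/ || /^default:/ || /^$/  { next }
    {
        sub(/[ \t]*#.*/, "")     # drop a trailing "#effective:..." note
        split($0, f, ":")
        if (f[1] == "mask") mask = f[3]
        else if (f[2] != "") { n++; who[n] = f[1] ":" f[2]; perm[n] = f[3] }
    }
    END { flush() }
    '
}

# Constructed sample of `getfacl` output for the two directories.
sample_getfacl() {
    cat <<'EOF'
# file: var/lib/docker/
# owner: root
user::rwx
user:USERNAME:rwx
group::--x
mask::rwx
other::---

# file: var/lib/docker/volumes/
# owner: root
user::rwx
user:USERNAME:rwx	#effective:r-x
group::---
mask::r-x
other::--x
EOF
}
sample_getfacl | acl_named_entries
```

In the constructed sample the second directory has a mask of r-x, so the rwx entry for USERNAME is effectively r-x there; a later chmod on the directory changes the mask in exactly this way.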

Links

https://delinea.com/blog/linux-privilege-escalation