loading...

One of those wtf moments when using docker

zaffja profile image Zafri Zulkipli ・2 min read

I've been using docker for a year and a half now. Since then I've learned many neat and cool tricks about docker. I'm gonna share with you one particular trick that I find very interesting when using docker. Take a look at below script.

docker run --rm -it -v $(PWD):/app -w /app busybox rm -rf deps

At first glance you can tell that I'm using busybox image to do nothing than just to remove my deps folder. But why should we concern about this? Well, it turns out that docker leverages root access, meaning we're basically running sudo rm -rf deps without asking for our sudo password! That's dangerous!!!

Although it is dangerous, it is quite useful as well. We just have to be careful on the way we use it that's all. Tbh, I've used this trick quite a lot in my development. The example above is actually a part of my Makefile setup as depict below

setup:
        docker run --rm -it -v $(PWD):/app -w /app busybox rm -rf deps
        docker run --rm -it -v $(PWD):/app -w /app elixir:1.6 mix local.hex --force && mix deps.get
        cd assets && $(MAKE) setup
        docker-compose build

As you can see, I'm developing an elixir application, and make setup is something you want to run quite a few times (if not just one time). So this ensure that if somebody were to clone my project, running make setup for them would be a breeze and won't have any issues regarding permission.

Anyways, what do you think of this trick? Is it good? Bad? Share your thoughts with me and if possible how can I improve my setup.

Posted on by:

zaffja profile

Zafri Zulkipli

@zaffja

Exploring automation with the ultimate goal to automate daily life itself.

Discussion

markdown guide
 

I personally feel using docker for nuke type operations to circumvent potential permission issues is a bad idea. Permissions are a safeguard at the end of the day.

 

When I first found out about this, I had the same thoughts as well. But eventually I encounter more and more problems regarding permissions, thus making me trade security for convenience.

Although I highly don't recommend doing this for production applications as well. But I just use this for my pet projects as well as for learning purposes.

 

It still seems like you're going to a lot of trouble for it compared to setting NOPASSWD: ALL in sudoers. And it's easy to forget what you did in a makefile and publish it.