Docker as root, a necessary evil?
I’m currently setting up a new homelab and trying to be a bit more security-focused than my previous setups.
Current setup:
- Proxmox host
- Ubuntu Server running in a VM
- Docker running inside Ubuntu
- Planning to run things like the *arr stack, Portainer, Dockge, Filebrowser, monitoring tools, etc.
While setting up Docker, I ran into the following problem:
"Permission Denied While Trying to Connect to the Docker Daemon Socket"
I found fixes like this:
How to fix “Permission Denied While Trying to Connect to the Docker Daemon Socket”
But from what I understand, all that really does is add your user to the docker group, which effectively gives root-equivalent access anyway. That feels a bit opposite to what I was trying to achieve security-wise.
Then I started looking more into containers running as root and found articles like this:
Why running Docker containers as root is dangerous
Now I’m stuck as to what the “normal” or recommended approach actually is.
A lot of tools seem to either:
- Require root
- Need access to Docker sockets
- Need broad filesystem access
- Or expect privileged mounts/permissions
So how are people actually handling this securely?
Am I just missing something obvious?
In theory, none of my containers are going to be exposed to the public. I plan on just using a VPN to access my stuff. So, in theory, this shouldn't be a problem, right? Should I just go ahead and run everything with root, or is there a better approach to this?
I'm looking for something that I can do to get my stuff up and running but that is still mostly in line with best practice. I am not running a bank at home, so I don't need every tiny bit of security, just something practical.
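
An added example, not part of the original post: a small Python audit over `docker inspect` JSON that flags the four things the post lists (containers running as root, Docker socket mounts, broad host bind mounts, privileged mode). The sample containers, the `BROAD_PATHS` set and the function names are constructed for illustration.

```python
import json

# Constructed sample shaped like `docker inspect` output; field names are
# Docker's, the containers and paths are made up for this example.
SAMPLE = json.loads("""[
 {"Name": "/portainer", "Config": {"User": ""},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/var/run/docker.sock",
              "Destination": "/var/run/docker.sock", "RW": false}]},
 {"Name": "/filebrowser", "Config": {"User": "0:0"},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/", "Destination": "/srv", "RW": true}]},
 {"Name": "/monitor", "Config": {"User": "1000"},
  "HostConfig": {"Privileged": true}, "Mounts": []},
 {"Name": "/sonarr", "Config": {"User": "1000:1000"},
  "HostConfig": {"Privileged": false},
  "Mounts": [{"Type": "bind", "Source": "/srv/media",
              "Destination": "/media", "RW": true}]}
]""")

# Assumption: host paths treated as "broad" for this example; adjust per host.
BROAD_PATHS = {"/", "/etc", "/home", "/root", "/var", "/var/lib/docker"}

def runs_as_root(user):
    """Config.User is 'uid', 'uid:gid' or a name; empty means root."""
    return user.split(":", 1)[0] in ("", "0", "root")

def audit(container):
    """Return the risk flags from the post's list that apply to one container."""
    flags = []
    host = container.get("HostConfig") or {}
    if runs_as_root((container.get("Config") or {}).get("User") or ""):
        flags.append("root-user")
    if host.get("Privileged"):
        flags.append("privileged")
    for mount in container.get("Mounts") or []:
        src = mount.get("Source", "")
        if src.endswith("/docker.sock"):
            # A read-only mount still allows full API calls over the socket.
            flags.append("docker-socket")
        elif mount.get("Type") == "bind" and (src.rstrip("/") or "/") in BROAD_PATHS:
            flags.append("broad-bind:" + src)
    return flags

def audit_all(containers):
    """Map container name (without the leading slash) to its list of flags."""
    return {c["Name"].lstrip("/"): audit(c) for c in containers}

if __name__ == "__main__":
    for name, flags in audit_all(SAMPLE).items():
        print(f"{name:12} {', '.join(flags) or 'ok'}")
```

On a real host, the same functions can be run over the JSON printed by `docker inspect $(docker ps -q)` in place of the constructed sample.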