If you’ve worked with Docker on Linux, you’ve probably encountered this command at least once:
sudo usermod -aG docker <username>

It’s a common recommendation that allows users to run Docker commands without repeatedly typing sudo. For a personal development machine where you're the only user, this convenience is often an acceptable trade-off.
However, on shared development servers, CI/CD runners, or production machines, this seemingly harmless command can have serious security implications.
Most people assume that adding a user to the docker group only grants permission to manage containers. In reality, it grants something much more powerful.
A user with access to Docker can effectively gain root privileges on the host machine, without ever being added to the sudo group.
This isn’t a vulnerability or a recently discovered exploit. It’s a consequence of how Docker is designed to work.
In this article, we’ll explore why membership in the docker group is effectively equivalent to root access, demonstrate it with a simple proof of concept, and discuss what administrators should do…
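The practical consequence for an administrator is that the docker group needs to be audited like the sudo group. The script below is an added example, not code from the article: it lists docker group members, flags those who are not also sudoers (users who hold root-equivalent access without appearing in the sudo group), and checks whether a socket mode such as the one reported by stat -c %a /var/run/docker.sock grants the group write access. It runs against a constructed /etc/group excerpt embedded in the script; pass a real file path to the functions to audit a live host. The group name "docker" and the sudo group name "sudo" are assumptions (some distributions use "wheel").

```shell
#!/bin/sh
# Added example: audit docker group membership and socket permissions.
# Not part of the original article. Assumes the group is named "docker"
# and that administrative users live in a group named "sudo".

# Constructed sample data standing in for /etc/group.
SAMPLE_GROUP_FILE='root:x:0:
sudo:x:27:alice
docker:x:999:alice,bob,ci-runner
users:x:100:'

# docker_group_members FILE -> prints the members of the docker group, one per line
docker_group_members() {
    awk -F: '$1 == "docker" {
        n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
    }' "$1"
}

# non_sudo_docker_members FILE -> docker members who are NOT in the sudo group.
# These accounts can reach root on the host without ever being granted sudo.
non_sudo_docker_members() {
    file=$1
    sudo_members=$(awk -F: '$1 == "sudo" { print "," $4 "," }' "$file")
    docker_group_members "$file" | while read -r u; do
        case "$sudo_members" in
            *",$u,"*) ;;          # already an administrator; docker adds nothing new
            *) echo "$u" ;;
        esac
    done
}

# socket_group_writable MODE GROUP -> returns 0 when a socket with this numeric
# mode (as printed by `stat -c %a`) and owning group lets the docker group
# talk to the daemon, i.e. the group write bit is set and the group is docker.
socket_group_writable() {
    mode=$1
    group=$2
    [ "$group" = "docker" ] || return 1
    mode=${mode#"${mode%???}"}    # keep the last three octal digits (e.g. 0660 -> 660)
    g=${mode%?}                   # drop the "other" digit
    g=${g#?}                      # drop the "owner" digit, leaving the group digit
    [ $((g & 2)) -ne 0 ]
}

# Demonstration on the constructed sample.
demo_file=$(mktemp)
printf '%s\n' "$SAMPLE_GROUP_FILE" > "$demo_file"
echo "docker group members:"
docker_group_members "$demo_file"
echo "root-equivalent through docker only (not in sudo):"
non_sudo_docker_members "$demo_file"
if socket_group_writable 660 docker; then
    echo "socket mode 660 owned by group docker: members can drive the daemon"
fi
rm -f "$demo_file"
```

On a real host, run docker_group_members /etc/group and non_sudo_docker_members /etc/group, and feed socket_group_writable the output of stat -c %a and stat -c %G on the Docker socket. Any name printed by non_sudo_docker_members should be reviewed with the same scrutiny as a sudoers entry.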