Search icon CANCEL
Subscription
0
Cart icon
Your Cart (0 item)
Close icon
You have no products in your basket yet
Save more on your purchases! discount-offer-chevron-icon
Savings automatically calculated. No voucher code required.
Arrow left icon
Explore Products
Best Sellers
New Releases
Books
Videos
Audiobooks
Learning Hub
Free Learning
Arrow right icon
Arrow up icon
GO TO TOP
Docker Cookbook

You're reading from   Docker Cookbook Over 100 practical and insightful recipes to build distributed applications with Docker

Arrow left icon
Product type Paperback
Published in Aug 2018
Publisher
ISBN-13 9781788626866
Length 352 pages
Edition 2nd Edition
Tools
Arrow right icon
Authors (3):
Arrow left icon
Neependra K Khare Neependra K Khare
Author Profile Icon Neependra K Khare
Neependra K Khare
Ken Cochrane Ken Cochrane
Author Profile Icon Ken Cochrane
Ken Cochrane
Jeeva S. Chelladhurai Jeeva S. Chelladhurai
Author Profile Icon Jeeva S. Chelladhurai
Jeeva S. Chelladhurai
Arrow right icon
View More author details
Toc

Table of Contents (13) Chapters Close

Preface 1. Introduction and Installation 2. Working with Docker Containers FREE CHAPTER 3. Working with Docker Images 4. Network and Data Management for Containers 5. Docker Use Cases 6. Docker APIs and SDKs 7. Docker Performance 8. Docker Orchestration and Hosting a Platform 9. Docker Security 10. Getting Help and Tips and Tricks 11. Docker on the Cloud 12. Other Books You May Enjoy

Removing capabilities to break down the power of a root user inside a container

In simple terms, with capabilities we can break down the power of a root user. Note the following from the main capabilities page:

For the purpose of performing permission checks, traditional UNIX implementations distinguish two categories of processes: privileged processes (whose effective user ID is 0, referred to as superuser or root), and unprivileged processes (whose effective UID is non-zero). Privileged processes bypass all kernel permission checks, while unprivileged processes are subject to full permission checking based on the process's credentials (usually: effective UID, effective GID, and supplementary group list).

Starting with kernel 2.2, Linux divides the privileges traditionally associated with superusers into distinct units, known as capabilities, which can be independently...

lock icon The rest of the chapter is locked
Register for a free Packt account to unlock a world of extra content!
A free Packt account unlocks extra newsletters, articles, discounted offers, and much more. Start advancing your knowledge today.
Unlock this book and the full library FREE for 7 days
Get unlimited access to 7000+ expert-authored eBooks and videos courses covering every tech area you can think of
Renews at $19.99/month. Cancel anytime
Banner background image