this post was submitted on 01 Jun 2026
329 points (99.1% liked)

Programmer Humor

31648 readers
1310 users here now

Welcome to Programmer Humor!

This is a place where you can post jokes, memes, humor, etc. related to programming!

For sharing awful code theres also Programming Horror.

Rules

founded 3 years ago
MODERATORS
Feyter@programming.dev
anzo@programming.dev
BurningTurtle@programming.dev
pylapp@programming.dev
329
Life finds a way (lemmy.ml)
submitted 2 days ago by cm0002@libretechni.ca to c/programmer_humor@programming.dev
42 comments fedilink hide all child comments
 
you are viewing a single comment's thread
view the rest of the comments
[–] uuj8za@piefed.social 80 points 2 days ago* (last edited 2 days ago) (4 children)

I mean, there's a big ol' warning in the docs: https://docs.docker.com/engine/install/linux-postinstall/

The docker group grants root-level privileges to the user

But, I guess Docker doesn't really tell you not to do this... and I feel like a lot of mac users are not used to adding sudo at the front of docker commands so... idk.

[–] SpaceNoodle@lemmy.world 48 points 2 days ago (1 children)

Sounds like Docker is just inherently unsecure.

[–] hperrin@lemmy.ca 16 points 2 days ago (1 children)

In the same way that sudo is.

[–] cornshark@lemmy.world 41 points 2 days ago (4 children)

Sudo makes you enter your password and docker doesn't?

[–] locuester@lemmy.zip 32 points 2 days ago (1 children)

Docker does by default - it only works if you use sudo. But the docs tell you to add yourself to the docker group (which requires sudo to do). Then running docker doesn’t require sudo anymore.

[–] squaresinger@lemmy.world 35 points 2 days ago

Yeah, that's a terrible decision in the docs. Don't ever add a path where anything on the shell can execute user-modifyable code as root.

As soon as you do that, you lose any protection that comes from separating root users and non-root users. Because now any malicious program can just use docker to elevate its code to root.

[–] Zikeji@programming.dev 18 points 2 days ago

Or don't give your user docker and use sudo to use the docker CLI to get the same effect. Hell, you could even alias docker as sudo docker to get the same feel.

[–] tabular@lemmy.world 7 points 2 days ago

Sudo can/usually does ask for password - but if you're feeling lucky you can use sudo without a password.

(Currently doing that after repeatedly failing to install an OS and have not yet felt compelled to change it back).

[–] hperrin@lemmy.ca 3 points 2 days ago

Only if you tell it to.

[–] SirHaxalot@nord.pub 33 points 2 days ago (1 children)

… and the Nextcloud developers think it’s completely reasonable to build a plugin system where you give this access to a web facing PHP application.

[–] prettybunnys@piefed.social 6 points 2 days ago

What could possibly go wrong?

[–] ChromaticMan@lemmy.world 17 points 2 days ago (2 children)

Sadly, nobody reads docs anymore. Now that I’m thinking, people never read the docs.

[–] racemaniac@lemmy.dbzer0.com 3 points 1 day ago (1 children)

Suppose we all did read the docs. How possible is it with the complexity of a modern system to really take literally everything in account, and understand the implications oof everything to keep your system safe? It's great that it's documented, but if security isn't the default option, it will lead to issues, and everything has become so complex, that imo correctly managing everything is literally impossible... This is a systemic issue, not a user issue.

[–] Lemmert@reddthat.com 1 points 1 day ago

I don't think it would've been an issue if they just put a warning in the getting started section in the docs (or if they just have secure defaults to begin with). But currently there's no mention of it. It took almost a year for me to realise that I was running "production ready code" in root

[–] ghodawalaaman@programming.dev 1 points 2 days ago (1 children)

especially when newer docs are AI generated. fucking happens where I work

[–] glibg10b@lemmy.zip 3 points 2 days ago

I have never even looked at the Docker docs