Setting Permissions for Docker Configuration Files
Setting Permissions for /etc/docker/daemon.json
- The owner and owner group of the daemon.json file are set to root:root, and the file permission is set to 600.
The daemon.json file contains sensitive parameters that change the behavior of the Docker daemon process, and it is an important global configuration file. The owner and owner group of the file must be root, and only the root user may have write permission on the file, to ensure file integrity. This file does not exist by default.
- If the daemon.json file does not exist by default, the product does not use this file for configuration. In this case, set the configuration file to an empty value in the daemon's boot parameters, as shown in the following command, so that the file is not read as the default configuration file. This prevents attackers from maliciously creating the file and modifying the configuration.
  dockerd --config-file=""
- If the daemon.json file exists in the product environment, the file is being used for configuration. In this case, set the following ownership and permission to prevent malicious modification.
  - Run the following command to set the owner and owner group of the file to root:
    chown root:root /etc/docker/daemon.json
  - Run the following command to set the file permission to 600:
    chmod 600 /etc/docker/daemon.json
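The following audit function is an added example, not part of the original guide. It checks daemon.json against the values in this section (root:root, 600) and distinguishes the case where the file is absent. The function name, return codes and the optional second argument are assumptions made for this example, and it relies on GNU stat (Linux).

```shell
#!/bin/sh
# Audit the owner, group and mode of Docker's daemon.json against the
# values required in this section (root:root, 600).
# Return codes (chosen for this example):
#   0 = compliant, 1 = non-compliant, 2 = file absent
# The second argument overrides the expected uid:gid only so the check
# can be exercised on a scratch file without root.
# Usage (as root): audit_daemon_json
audit_daemon_json() {
    path=${1:-/etc/docker/daemon.json}
    want_owner=${2:-0:0}
    want_mode=600

    if [ ! -e "$path" ]; then
        # Absent file: the daemon should be started with --config-file=""
        echo "ABSENT $path"
        return 2
    fi

    # -L follows a symlink so the file the daemon actually reads is audited
    owner=$(stat -L -c '%u:%g' "$path") || return 1
    mode=$(stat -L -c '%a' "$path") || return 1

    rc=0
    if [ "$owner" != "$want_owner" ]; then
        echo "FAIL owner $owner (want $want_owner); fix: chown root:root $path"
        rc=1
    fi
    if [ "$mode" != "$want_mode" ]; then
        echo "FAIL mode $mode (want $want_mode); fix: chmod 600 $path"
        rc=1
    fi
    if [ "$rc" -eq 0 ]; then
        echo "OK $path owner=$owner mode=$mode"
    fi
    return "$rc"
}
```

Run it from a periodic job or a configuration-management check so that a daemon.json created or loosened after hardening is reported.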