GitList

Browse code

docker-login man/doc add security info

Signed-off-by: Sally O'Malley <somalley@redhat.com>

Sally O'Malley authored on 2015/11/03 07:20:38
Showing 2 changed files

docs/reference/commandline/login.md index 6361d99..c6e367c 100644
man/docker-login.1.md index b87e2c1..c32a49b 100644

@@ -25,3 +25,16 @@ adding the server name.
                          example:
                          $ docker login localhost:8080
+                    +
+                    +
                     +`docker login` requires user to use `sudo` or be `root`, except when:
+                    +
                     +1.  connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
                     +2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details.
+                    +
                     +You can log into any public or private repository for which you have
                     +credentials.  When you log in, the command stores encoded credentials in
                     +`$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
+                    +
                     +> **Note**:  When running `sudo docker login` credentials are saved in `/root/.docker/config.json`.
                     +>

man/docker-login.1.md

History View file @ f965781

@@ -18,10 +18,18 @@ Register or log in to a Docker Registry located on the specified
                      do not specify a `SERVER`, the command uses Docker's public registry located at
                      `https://registry-1.docker.io/` by default.  To get a username/password for Docker's public registry, create an account on Docker Hub.
                     +`docker login` requires user to use `sudo` or be `root`, except when:
+                    +
                     +1.  connecting to  a remote daemon, such as a `docker-machine` provisioned `docker engine`.
                     +2.  user is added to the `docker` group.  This will impact the security of your system; the `docker` group is `root` equivalent.  See [Docker Daemon Attack Surface](https://docs.docker.com/articles/security/#docker-daemon-attack-surface) for details.
+                    +
                      You can log into any public or private repository for which you have
                      credentials.  When you log in, the command stores encoded credentials in
                      `$HOME/.docker/config.json` on Linux or `%USERPROFILE%/.docker/config.json` on Windows.
                     +> **Note**: When running `sudo docker login` credentials are saved in `/root/.docker/config.json`.
                     +>
+                    +
                      # OPTIONS
                      **-e**, **--email**=""
                         Email
@@ -49,3 +57,4 @@ April 2014, Originally compiled by William Henry (whenry at redhat dot com)
                      based on docker.com source material and internal work.
                      June 2014, updated by Sven Dowideit <SvenDowideit@home.org.au>
                      April 2015, updated by Mary Anthony for v2 <mary@docker.com>
                     +November 2015, updated by Sally O'Malley <somalley@redhat.com>