
I have just started learning docker.

I have created a group 'docker' and added users into the group so these users can avoid using sudo when doing 'docker run' etc., but I do not want these users to run 'docker rm', 'docker rmi', 'docker images' etc. Is there a way to set a restriction on these commands for users in the 'docker' group? Is this possible to achieve?

Thanks

Edit:

Here is our case (excuse my English, I hope I explained it clearly):

We have a cluster of nodes; we use ansible to install docker, build the docker image and store the image on each one of the nodes. We do not want any users to touch these nodes.

Once a user logs in via another web portal, they will be assigned 1 node from the cluster and get a desktop which is accessible from a browser. We do not want users to have root access at all. They are only allowed to do things in their home folder. There will be no sudo password for users.

In the desktop, there's a menu option 'ABC'. 'ABC' is an application in a docker container. So clicking the menu option runs the container; the command behind the menu is 'docker run .....'. Because docker only runs as 'root', we added the logged-in user to the 'docker' group so that when the user clicks the menu, 'docker run' will not ask for a sudo password, and the application container will run successfully.

But the problem is that any user in the 'docker' group is considered root, so probably even if we are able to only allow users to use 'docker run', they can still do a lot of things.

If we do not add user into 'docker' group, clicking the menu won't launch the program.

I'm still googling around trying to find a solution to this.

Thanks

yis
    Are you trying to protect users from accidentally using those commands or maliciously removing containers and images? – Roman Nov 08 '16 at 04:20
  • I do not want users to maliciously remove containers and images. – yis Nov 08 '16 at 04:43

1 Answer

It's non-trivial, but the Twistlock authz plugin supports limiting the actions of individuals on the Docker engine. You'll need to configure Docker with certificates, give out certificates to the users accessing Docker, remove their unix socket access by removing them from the docker group and having them log in through the network port with their certificate, install the 3rd-party plugin, and then set up your ACLs.

For a more turn-key solution, Docker also has their commercial offering.

BMitch
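To show what the "set up your ACLs" step in the answer above amounts to, here is an added example (not code from the answer, and not the Twistlock plugin) of a minimal Docker authorization plugin written against the engine's AuthZ plugin API: the daemon POSTs each API request's method, URI and TLS-authenticated user to the plugin, which answers allow or deny. The user names, the per-user rule set and the exact list of endpoints `docker run` needs are assumptions to be tuned against your own daemon; the plugin still has to be registered with the daemon (spec file plus `--authorization-plugin`), which this block does not do.

```python
import json
import re
from http.server import BaseHTTPRequestHandler, HTTPServer

# Hypothetical ACL: per-user list of (method, path-regex) the engine may accept.
# Paths are matched after the API version prefix (e.g. "/v1.24") is stripped.
# DELETE /containers/*, DELETE /images/* and GET /images/json (rm, rmi, images)
# are simply absent, so they fall through to the deny at the end.
RUN_ONLY = [
    ("POST", r"^/containers/create$"),
    ("POST", r"^/containers/[^/]+/(start|attach|wait|resize)$"),
    ("GET",  r"^/containers/[^/]+/json$"),
    ("GET",  r"^/(_ping|version|info)$"),
]
ACL = {"alice": RUN_ONLY, "bob": RUN_ONLY}   # constructed users; "admin" is unrestricted

def authz_decision(user, method, uri):
    """Build the AuthZPlugin.AuthZReq response for one daemon API request."""
    path = re.sub(r"^/v\d+\.\d+", "", uri.split("?", 1)[0])
    if user == "admin":
        return {"Allow": True}
    rules = ACL.get(user)
    if rules is None:               # cert CN not in the ACL at all: deny everything
        return {"Allow": False, "Msg": f"unknown user {user!r}"}
    for m, pat in rules:
        if m == method and re.match(pat, path):
            return {"Allow": True}
    return {"Allow": False, "Msg": f"{method} {path} is not permitted for {user}"}

class AuthZHandler(BaseHTTPRequestHandler):
    """Docker POSTs /AuthZPlugin.AuthZReq before a call and /AuthZPlugin.AuthZRes after."""
    def do_POST(self):
        raw = self.rfile.read(int(self.headers.get("Content-Length", 0)))
        body = json.loads(raw or b"{}")
        if self.path == "/AuthZPlugin.AuthZReq":
            resp = authz_decision(body.get("User", ""), body.get("RequestMethod", ""),
                                  body.get("RequestUri", ""))
        else:                        # AuthZRes: responses are not filtered here
            resp = {"Allow": True}
        out = json.dumps(resp).encode()
        self.send_response(200)
        self.send_header("Content-Type", "application/json")
        self.send_header("Content-Length", str(len(out)))
        self.end_headers()
        self.wfile.write(out)

if __name__ == "__main__":
    HTTPServer(("127.0.0.1", 8080), AuthZHandler).serve_forever()
```

The `User` field is only populated when the daemon authenticates clients by TLS certificate, which is why the answer insists on removing unix socket access first: a request arriving over the socket carries no identity to match against.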