Establishing Proper User Permissions For Docker

In this lesson, we'll properly configure Docker for our server's security as well as logging. Once done, we're almost ready for Bitwarden Unified.

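First, we're going to let our Limited User Account manage Docker, so that we don't have to do so as root. Keep in mind that membership in the docker group grants root-level privileges on the host, so only add accounts you trust with that access.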

Let's create a group called 'docker'.

sudo groupadd docker

If your system tells you you already have a docker group, that's fine.
Now add your Limited User to this group.

sudo usermod -aG docker $USER

$USER expands to the user you're currently logged in as, so you can run the command as written or replace $USER with your username. In my case, it would look like this:

sudo usermod -aG docker quail

You can double-check the groups your user is in with the following command.

groups $USER

When I run the command

groups quail

I get the following result

Now, you can either log out (type 'exit' into your CLI) and log back in via SSH to have your group membership re-evaluated, or you can run the following command to apply your group changes in the current shell.

newgrp docker

Either way, let's test that you can run docker without invoking sudo.

docker run hello-world

If you see the Hello World script, we're good.

For more information on this process, you can visit Docker's Official Post-Installation Steps.

Setting Up Docker JSON Log Rotation

The last thing we'll do is set up Log Rotation so that we can have nice Log Files we can view if anything ever goes wrong with Docker on our server.

First, let's create a text file, so Docker knows how we want our logs to work.

sudo nano /etc/docker/daemon.json

This will be a blank text file. Copy the following in.

{
  "log-driver": "json-file",
  "log-opts": {
    "max-size": "100m",
    "max-file": "50",
    "compress": "true"
  }
}

This configuration tells Docker to cap each log file at 100MB, keep a total of 50 log files for each container by rotating full files out, and compress the rotated log files that are being stored.

If you know what you're doing, you can adjust this based on the storage capacity of your server. However, if you're using the Linode 2GB server we recommend, these settings are good.

Save and exit this file.
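
A malformed daemon.json stops Docker from starting, so it is worth checking the file before the restart. The following is an added example, not part of the original lesson or of Docker itself: a small Python check (the function name check_log_config and the constant LESSON_CONFIG are made up for this example) that validates the logging settings above and computes the worst-case log size per container.

```python
import json
import re
import sys

UNITS = {"": 1, "k": 1024, "m": 1024**2, "g": 1024**3}  # Docker size suffixes

def check_log_config(text):
    """Return (problems, worst_case_bytes) for the text of a daemon.json."""
    try:
        cfg = json.loads(text)
    except json.JSONDecodeError as exc:
        # dockerd refuses to start on a malformed daemon.json.
        return [f"invalid JSON at line {exc.lineno}: {exc.msg}"], None
    if not isinstance(cfg, dict) or not isinstance(cfg.get("log-opts", {}), dict):
        return ["daemon.json and log-opts must both be JSON objects"], None
    problems = []
    if cfg.get("log-driver", "json-file") != "json-file":
        problems.append("log-driver is not json-file")
    opts = cfg.get("log-opts", {})
    for key, value in opts.items():
        # log-opts values must be quoted strings, even numbers and booleans.
        if not isinstance(value, str):
            problems.append(f"log-opts.{key} must be a quoted string, got {value!r}")
    size = re.fullmatch(r"(\d+)([kmg]?)", str(opts.get("max-size", "")).lower())
    files = str(opts.get("max-file", "1"))  # Docker's default is one file
    if not size:
        problems.append("max-size missing or malformed: logs are not capped")
    if not files.isdigit() or int(files) < 1:
        problems.append("max-file must be a positive integer")
    if problems:
        return problems, None
    # Upper bound per container, before compression of rotated files.
    return [], int(size.group(1)) * UNITS[size.group(2)] * int(files)

# The configuration from this lesson.
LESSON_CONFIG = """{
  "log-driver": "json-file",
  "log-opts": {"max-size": "100m", "max-file": "50", "compress": "true"}
}"""

if __name__ == "__main__":
    path = sys.argv[1] if len(sys.argv) > 1 else "/etc/docker/daemon.json"
    with open(path) as fh:
        problems, worst = check_log_config(fh.read())
    for p in problems:
        print("PROBLEM:", p)
    if worst is not None:
        print(f"OK: up to {worst / 1024**3:.2f} GiB of logs per container")
    sys.exit(1 if problems else 0)
```

Run it with python3 against /etc/docker/daemon.json; a non-zero exit status means the file should be fixed before restarting Docker.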

Now run the following command to restart Docker.

sudo systemctl restart docker

Congratulations! We're done with Docker.

We have done all the necessary work to install Bitwarden, which we'll do in the next Module!

For more information on Docker Security, you can visit Docker's Official Daemon Attack Surfaces Guide.

For more information on Docker Log Rotation, you can visit Docker's Official JSON Logging Documentation.
