I am learning penetration testing, and I am trying to perform Linux privilege escalation using Docker. So I created a new user with the minimum permissions and I added it to the docker group. The problem now is that this new user cannot run docker.
I tried to change the permission for this user using chmod, but it does not work. Can anyone please help me permit the new user to run docker? This is the new user: pentester:x:1001:1001::/home/pentester:/bin/bash and this is the docker group: docker:x:976:anasgharsa,pentester. When I am connected with the new user and try “docker images” or “docker ps”, I get this error message: “unable to get absolute bin path: stat .: permission denied”
First of all, thank you for your reply. So what can I do? How can I fix this? Even the other user “anasgharsa” has GID 1000 and can still run docker without any problem.
You’re welcome. The user that you set up as yourself is in the Wheel group, so it has elevated permissions already. It could just be as simple as an SELinux issue, since it is access that is at issue. Can you run the container using Podman instead of Docker? Just to try it out.
Thank you so much for the clarification! I tried what you suggested and it works, but when I run docker ps -a it gives other results, not the same containers that I have. Is this normal?
Thank you for your reply. I will try Podman instead of Docker, but the problem is that this is an academic project for the university and the professor wants Docker.
Then by all means get it working with Docker.
Podman is included with the base Fedora install normally.
The problems with Docker relate to the fact that it used to require a daemon with root privileges, which is sort of counterintuitive for a normal user to have to be root to start something. Also they used a different runtime (I think runc instead of crun???). Docker came out with daemonless Docker not that long ago, and there has been work inside the community around it. That’s why there is a docker package in the Fedora repos.