I have been unable to find any help online for this simple mistake I made, so I was looking for some help. I am using a server to run a docker image in a container and I mistyped and have caused an annoyance for myself. I ran the command
docker run --rm -v typo:location docker_name
and since I had a typo with the directory to mount it created a directory on the host machine, and when the container ended the directory remained. I tried to remove it, but i just get the error
rm -rf typo/
rm: cannot remove 'typo': Permission denied
I know now that I should have used --mount instead of -v for safety, but the damage is done; how can I remove this directory without having access to the container that created it?
I apologize in advance, my knowledge of docker is quite limited. I have mostly learned it only to use a particular image and I do a bunch of Google searches to do the rest.
The first rule of Docker security is, if you can run any docker command at all, you can get unrestricted root access over the entire host.
So you can fix this issue by running a container, running as root and bind-mounting the parent directory, that can delete the directory in question:
docker run \
--rm \
-v "$PWD:/pwd" \
busybox \
rm -rf /pwd/typo
I do not have
sudopermissions
You can fix that
docker run --rm -v /:/host busybox vi /host/etc/sudoers
(This has implications in a lot of places. Don't indiscriminately add users to a docker group, particularly on a multi-user system, since they can trivially get root access. Be careful publishing the host's Docker socket into a container, since the container can then root the host; perhaps redesign your application to avoid needing it. Definitely do not expose the Docker socket over the network.)