Skip to content
Advertisement

Starting Docker containers from PHP

When I attempt to startup a Docker container via PHP I get the following error

JavaScript

I try to execute the docker run command via shell_exec so the executing user, on Ubuntu 14.04, is www-data. For good measure I tried to run the docker command as sudo but it made no difference. Googling around for “Are you trying….” turns up a few links that may well have some information that is relevant – e.g. here – but I have not been able to make much sense of it yet.

Also for good measure I output the Docker command I am trying to execute to stderr, copied it and executed it via SSH directly. Here is that command

JavaScript

followed by

JavaScript

and then browsing to that container – no issues, everything works perfectly.

I am aware that command is going to provoke comments along the lines of “you should only have one app per container”. That is not the issue here.

Am I trying the impossible here or is there a relatively simple way to manipulate Docker via a PHP script and shell_exec?

Advertisement

Answer

I am posting this as an answer rather than as a comment since it does in fact resolve the issue. However, I do have reservations about the solution so I am hoping that there are going to be other answers here. I modified sudoers by adding

www-data hostname=(ALL)NOPASSWD:ALL Defaults !requiretty

which offers a complete resolution to the problem – I can now start up the Docker container from a PHP script. Allv very good but I do have some concerns about loosening up sudoers in this way. The environment in which all of this is happening is controlled but even so it does sound like a far from perfect solution.

I tried replacing NOPASSWD:ALL with NOPASSWD:/path/to/script but that does not work since what is expected is NOPASSWD:application.

If anyone could suggest a way that offers a more secure solution I would be most obliged.

User contributions licensed under: CC BY-SA
5 People found this is helpful
Advertisement