Distribution: [QUESTION] How to separate permissions to pull / push containers?

Created on 28 Nov 2015 · 5 Comments · Source: distribution/distribution

How to implement restricted access to a Docker registry - some users can only pull, others only push containers?

All 5 comments

Use Auth service

@a93ushakov Please refer to this doc for authN and authZ:
https://docs.docker.com/registry/configuration/#auth
And this doc explains the mechanism of token-based authentication:
https://docs.docker.com/registry/spec/auth/token/

@xinxiaogang: this is nice, however, for simplicity, is there an option to do this with plain htpasswd?

@alonbl no, plain htpasswd does not provide ACLs and the only built-in ACL method uses a token. You can use a pre-built ACL solution or build your own using the example token server in contrib. There are plenty of products out there that provide this layer to make it simple for end users (for example https://github.com/cesanta/docker_auth).

@dmcgowan this is unfortunate. For two users, one with read access and the other with read/write, it is overkill to install docker_auth or any other component. As htpasswd can contain several users already, it should be trivial to have a mapping of user: role under the auth section to enable this basic functionality.
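
Added example, not code from the distribution project or from any commenter in this thread: the per-user decision a token server makes when the registry's token auth is used to separate pull from push. It intersects the actions requested in each `scope` parameter with what the account may do and returns the result as the token's `access` claim. The account names, the `USER_ACTIONS` table and the function names are hypothetical.

```python
# Constructed user -> permitted-actions mapping (the "user: role" table
# that plain htpasswd lacks). Names are illustrative only.
USER_ACTIONS = {
    "ci-publisher": {"pull", "push"},  # read/write account
    "deploy-reader": {"pull"},         # read-only account
}


def parse_scope(scope):
    """Split one scope string of the form 'type:name:actions'.

    Example: 'repository:team/app:pull,push'. The name can contain ':'
    (for instance host:port/repo), so split once from each end.
    Raises ValueError on a malformed scope.
    """
    rtype, rest = scope.split(":", 1)
    name, actions = rest.rsplit(":", 1)
    return rtype, name, [a for a in actions.split(",") if a]


def grant_access(user, scopes):
    """Build the 'access' claim: requested actions limited to permitted ones."""
    allowed = USER_ACTIONS.get(user, set())  # unknown accounts get nothing
    access = []
    for scope in scopes:
        try:
            rtype, name, requested = parse_scope(scope)
        except ValueError:
            continue  # malformed scope: grant nothing for it
        if rtype != "repository":
            continue  # this example only handles repository scopes
        granted = [a for a in requested if a in allowed]
        if granted:  # entries with no granted action are left out
            access.append({"type": rtype, "name": name, "actions": granted})
    return access


if __name__ == "__main__":
    requested = ["repository:team/app:pull,push"]
    for account in ("ci-publisher", "deploy-reader", "nobody"):
        print(account, grant_access(account, requested))
```

The registry then enforces whatever the signed token's `access` claim lists, so a read-only account that asks for `pull,push` receives a token that permits only `pull`.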
