Can 'docker-compose down' be somehow prevented from running in production?

I really don’t want it to be possible to run docker-compose down in production. Ever. Is there a way to overwrite that command either in zsh or otherwise that will just throw an error if run on the production server?

We tried to alias the command to something else but to no avail.

  • Does Alpine Linux handle certs differently than Busybox?
  • How to get the docker containers information with Ruby and monitor it
  • What is the best approach to configure Docker for a webapp?
  • “Error: spawn mongoexport ENOENT” when running dockerized node app
  • 503 Service Temporarily Unavailable with gitlab docker and nginx-proxy docker
  • How to map subdomains to multiple docker containers (as web servers) hosted using Elastic Bean Stack on AWS
  • How to restart Docker-for-mac with command?
  • Fedora seems to not support btrfs
  • launch basic bash script on docker build from windows system
  • what is the default password of CoreOS? [closed]
  • Difference between Docker for AWS and Docker Cloud?
  • Docker volume created with nfs server is not reflecting the data from nfs server
  • One Solution collect form web for “Can 'docker-compose down' be somehow prevented from running in production?”

    I hope you’re not doing this for security purposes? You can control which user can and cannot manage docker services (and therefore docker-compose) by adding/removing them from the docker group.

    If you want to prevent yourself from accidentally running docker down, you can write a wrapper script:

    for arg in "$@";do
        if [[ "$arg" = "down" ]];then
            >&2 echo "ERROR: 'docker-compose down' has been disabled!"
            exit 1
    /usr/local/bin/docker-compose "$@"   # Adapt to actual path to docker-compose binary if different

    Put this as docker-compose in a location early in your $PATH, e.g. $HOME/bin/docker-composeand make it executable. It will exit with a warning to STDERR if the command line contains down.

    However, this will not prevent anyone with malicious intents and the necessary permissions to call the real docker-compose binary directly.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.