Can 'docker-compose down' be somehow prevented from running in production?

I really don’t want it to be possible to run docker-compose down in production. Ever. Is there a way to overwrite that command either in zsh or otherwise that will just throw an error if run on the production server?

We tried to alias the command to something else but to no avail.

  • getting a ptty for docker start
  • Docker Remote API filters: filter out network by name
  • Set profile on bootstrap.yml in spring cloud to target different config server
  • Docker: Could not get container for XXX
  • Forward local SSH credentials to Docker container inside Vagrant VM
  • Building docker image, inside an alpine linux container
  • docker-compose: postgres data not persisting
  • Deploying docker container using marathon
  • Run project dependencies commands from dockerfile
  • Unable to execute Postgresql commands with python in seperate docker containers
  • How do I populate a volume in a docker-compose.yaml
  • meteor webpack did not hot reload
  • One Solution collect form web for “Can 'docker-compose down' be somehow prevented from running in production?”

    I hope you’re not doing this for security purposes? You can control which user can and cannot manage docker services (and therefore docker-compose) by adding/removing them from the docker group.

    If you want to prevent yourself from accidentally running docker down, you can write a wrapper script:

    #!/bin/bash
    for arg in "$@";do
        if [[ "$arg" = "down" ]];then
            >&2 echo "ERROR: 'docker-compose down' has been disabled!"
            exit 1
        fi
    done
    /usr/local/bin/docker-compose "$@"   # Adapt to actual path to docker-compose binary if different
    

    Put this as docker-compose in a location early in your $PATH, e.g. $HOME/bin/docker-composeand make it executable. It will exit with a warning to STDERR if the command line contains down.

    However, this will not prevent anyone with malicious intents and the necessary permissions to call the real docker-compose binary directly.

    Docker will be the best open platform for developers and sysadmins to build, ship, and run distributed applications.