Can 'docker-compose down' be somehow prevented from running in production?
I really don’t want it to be possible to run
docker-compose down in production. Ever. Is there a way to overwrite that command either in zsh or otherwise that will just throw an error if run on the production server?
We tried to alias the command to something else but to no avail.
One Solution collect form web for “Can 'docker-compose down' be somehow prevented from running in production?”
I hope you’re not doing this for security purposes? You can control which user can and cannot manage docker services (and therefore docker-compose) by adding/removing them from the docker group.
If you want to prevent yourself from accidentally running
docker down, you can write a wrapper script:
#!/bin/bash for arg in "$@";do if [[ "$arg" = "down" ]];then >&2 echo "ERROR: 'docker-compose down' has been disabled!" exit 1 fi done /usr/local/bin/docker-compose "$@" # Adapt to actual path to docker-compose binary if different
Put this as
docker-compose in a location early in your
$HOME/bin/docker-composeand make it executable. It will exit with a warning to STDERR if the command line contains
However, this will not prevent anyone with malicious intents and the necessary permissions to call the real docker-compose binary directly.