Title. Long,short story: creating or editing files with nano as my non-root user gives (the file) elevated privileges, like I have ran it w/ sudo or as root. And the (only) “security hole” that I can think of is a nextdns docker container running as root. That aside, its very “overkill” security-wise (cap_drop=ALL, non-root image, security_opt=no_new_privileges, etc.).
It’s like someone tried to hack me but gave up halfway. Am I right or wrong to assume this? Just curious.
Thanks in advance.
Do you run docker container in privileged mode? https://phoenixnap.com/kb/docker-privileged
And do you run nano inside the container?
Docker container running in privileged mode has root permissions to host filesystem and devices (limited by said restrictions).