docs: add "rootless mode" to exceptions of "Privileged user requirement" #5359

Closed
wants to merge 2 commits into from

Javiery3889
@Javiery3889 Javiery3889 commented Aug 19, 2024

Modify source files for docs instead as mentioned in docker/docs#20637.

@Javiery3889 Javiery3889 requested review from thaJeztah and a team as code owners August 19, 2024 15:40
@Javiery3889 Javiery3889 changed the title Add "rootless mode" to exceptions of "Privileged user requirement" docs: add "rootless mode" to exceptions of "Privileged user requirement" Aug 19, 2024
@dvdksn
Contributor

dvdksn commented Aug 19, 2024

Thank you for contributing! It appears your commit message is missing a DCO sign-off,
causing the DCO check to fail.

We require all commit messages to have a Signed-off-by line with your name
and e-mail (see "Sign your work"
in the CONTRIBUTING.md in this repository), which looks something like:

Signed-off-by: YourFirstName YourLastName <[email protected]>

There is no need to open a new pull request, but to fix this (and make CI pass),
you need to amend the commit(s) in this pull request, and "force push" the amended
commit.

Unfortunately, it's not possible to do so through GitHub's web UI, so this needs
to be done through the git commandline.

You can find some instructions in the output of the DCO check (which can be found
in the "checks" tab on this pull request), as well as in the Moby contributing guide.

Steps to do so "roughly" come down to:

  1. Set your name and e-mail in git's configuration:

    git config --global user.name "YourFirstName YourLastName"
    git config --global user.email "[email protected]"

    (Make sure to use your real name (not your GitHub username/handle) and e-mail)

  2. Clone your fork locally

  3. Check out the branch associated with this pull request

  4. Sign-off and amend the existing commit(s)

    git commit --amend --no-edit --signoff

    If your pull request contains multiple commits, either squash the commits (if
    needed) or sign-off each individual commit.

  5. Force push your branch to GitHub (using the --force or --force-with-lease flags) to update the pull request.

Sorry for the hassle (I wish GitHub would make this a bit easier to do), and let me know if you need help or more detailed instructions!

@codecov-commenter

codecov-commenter commented Aug 19, 2024

Codecov Report

All modified and coverable lines are covered by tests ✅

Project coverage is 59.78%. Comparing base (a464a63) to head (0fe3366).
Report is 2 commits behind head on master.

Additional details and impacted files
@@           Coverage Diff           @@
##           master    #5359   +/-   ##
=======================================
  Coverage   59.78%   59.78%           
=======================================
  Files         345      345           
  Lines       23394    23394           
=======================================
  Hits        13985    13985           
  Misses       8438     8438           
  Partials      971      971           

@Javiery3889
Author

Hi @dvdksn, my sincere apologies! Thank you for the in-depth instructions, the sign-off should be reflected for the commit!

@Javiery3889
Author

Hi @laurazard @vvoland, I notice that this PR has a merge conflict. Would you prefer if I resolve the conflict and request for approval again?

@laurazard
Contributor

Hi @Javiery3889! Yes, we'd appreciate if you could resolve the conflict and then we can merge :)

Signed-off-by: Javier Yong <[email protected]>
Comment on lines +50 to +57
### Privileged user requirement

`docker login` requires you to use `sudo` or be `root`, except when:

- Connecting to a remote daemon, such as a `docker-machine` provisioned `docker engine`.
- The user is added to the `docker` group. This will impact the security of your system; the `docker` group is `root` equivalent. See [Docker Daemon Attack Surface](https://docs.docker.com/engine/security/#docker-daemon-attack-surface) for details.
- The Docker daemon is running as a non-root user, i.e. [rootless mode](https://docs.docker.com/engine/security/rootless/).
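
Review bot: The last bullet ("The Docker daemon is running as a non-root user, i.e. rootless mode") does not say which user is exempt from `sudo`. In rootless mode the daemon's socket belongs to the account that runs the daemon, so the exception holds for that account only; wording such as "The daemon runs in rootless mode under your own user account" would make that explicit. Separately, the lead sentence scopes the requirement to `docker login`, while all three exceptions describe access to the daemon in general, so the section reads as login-specific when the visible text gives no reason it should be.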

Contributor

I removed this section in 2f206ff (hence the need for a rebase) because this is not specific to the login command; the sudo restriction applies to all commands.

Contributor

Thanks! I'd noticed that and meant to comment.

Author

Hi @dvdksn, understood and thank you for the clarification!

@laurazard Would that mean that this PR will not be needed? Since “Rootless mode” applies to all commands as well.

Or perhaps it would be to rename this section as “Privileged user exceptions” and add the point below which is specific for docker login:

Connecting to a remote daemon, such as a docker-machine provisioned docker engine.

Contributor

@laurazard laurazard Sep 11, 2024

> Would that mean that this PR will not be needed?

That might be the case, apologies 😓

> Or perhaps it would be to rename this section as “Privileged user exceptions” and add the point below which is specific for docker login:
>
> Connecting to a remote daemon, such as a docker-machine provisioned docker engine.

Not sure about that – docker login is a bit of a misnomer – it's not doing anything with the engine*, it's merely authenticating/saving credentials for the local user's CLI for a given registry. If you run docker login and then try to pull an image from a private repo you have credentials for, it doesn't matter whether you use a local engine or a remote daemon, since the CLI will grab the credentials and send them on a per-pull basis to whatever daemon you're using. In effect, the daemon has no concept of "logged in" or "not logged in". That depends entirely on the client calling the engine including credentials for that operation in the call.


*It does call the engine, but only after the user has already typed in credentials/logged in, to verify that the credentials work.
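
What the comment above describes, as an added example (not code from this PR or from the Docker CLI): credentials saved by `docker login` stay in the client's config file and are attached to each request. The file layout (`auths`, `credsStore`, `credHelpers`) and the `X-Registry-Auth` header come from Docker's documented behaviour rather than from this thread; the registry names and the credential are constructed.

```python
import base64
import json

# Constructed sample of ~/.docker/config.json after `docker login` (not a real credential).
SAMPLE_CONFIG = json.dumps({
    "auths": {
        "registry.example.com": {
            "auth": base64.b64encode(b"alice:s3cret-token").decode()
        },
        "ghcr.example.net": {},
    },
    "credHelpers": {"ghcr.example.net": "secretservice"},
})


def audit_config(config_text):
    """Classify each registry entry by where its secret is actually stored."""
    cfg = json.loads(config_text)
    helpers = cfg.get("credHelpers", {})
    default_store = cfg.get("credsStore")
    report = {}
    for registry, entry in cfg.get("auths", {}).items():
        if entry.get("auth"):
            # base64 is an encoding, not encryption: anyone who can read
            # the file recovers the secret.
            report[registry] = "inline"
        elif registry in helpers or default_store:
            report[registry] = "helper"
        else:
            report[registry] = "none"
    return report


def registry_auth_header(config_text, registry):
    """Build the X-Registry-Auth value a client attaches to one pull request."""
    entry = json.loads(config_text)["auths"][registry]
    user, _, password = base64.b64decode(entry["auth"]).decode().partition(":")
    payload = {"username": user, "password": password, "serveraddress": registry}
    return base64.urlsafe_b64encode(json.dumps(payload).encode()).decode()


if __name__ == "__main__":
    print(audit_config(SAMPLE_CONFIG))
    print(registry_auth_header(SAMPLE_CONFIG, "registry.example.com"))
```

An `inline` result means the secret is recoverable by any account that can read the file, which makes file permissions on the client the relevant control rather than anything on the daemon.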

Author

@laurazard Understood and thank you for the clarification! I will be closing this PR.

Contributor

Apologies for not mentioning this earlier.

Author

No worries! @laurazard
