Information
You should verify that all the registry certificate files (usually found under /etc/docker/certs.d/<registry-name> directory) have permissions of 444 or are set more restrictively.
Rationale:
The /etc/docker/certs.d/<registry-name> directory contains Docker registry certificates. These certificate files must have permissions of 444or more restrictive permissions in order to ensure that unprivileged users do not have full access to them..
Solution
You should execute the following command:
chmod 444 /etc/docker/certs.d/<registry-name>/*
This would set the permissions for the registry certificate files to 444.
Impact:
None.
Default Value:
By default, the permissions for registry certificate files might not be 444. The default file permissions are governed by the system or user specific umaskvalues which are defined within the operating system itself.