Running Docker as non-root user

Published 2019-03-27 08:39

I'm trying to run docker as a non-root user. When I try, I get the following error:

$ docker ps
FATA[0000] Get http:///var/run/docker.sock/v1.18/containers/json: dial unix /var/run/docker.sock: permission denied. Are you trying to connect to a TLS-enabled daemon without TLS? 

I can run docker as root:

$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[...]

I've put this user into the Unix group docker:

$ groups
domain users docker suappprod stashadmin config_mgmt remote server access sudevmail sudevsvn

However, it still appears that this user cannot run most of the docker commands without sudoing as root.

I am on an older version of docker:

$ docker --version
Docker version 1.6.1, build a8a31ef/1.6.1

I know that the latest is 1.10, and it's possible for our company to update all of the docker installs to 1.9.2, but that will take a lot of effort and time.

Is there something else I need to look at? The user has been logged in and out multiple times. I have not rebooted the system yet.

Tags: docker
3 answers
forever°为你锁心
Reply 2 · 2019-03-27 08:49

My docker version is 17.06.1-ce, build 874a737, on Ubuntu 16.04.3 LTS.
For Linux distros that use systemd there is a service named docker.socket:

linux@linux-ubuntu:~$ sudo systemctl status docker.socket
● docker.socket - Docker Socket for the API
   Loaded: loaded (/lib/systemd/system/docker.socket; disabled; vendor preset: enab
       Active: active (running) since Sab 2017-08-26 01:15:26 WIB; 9min ago
   Listen: /var/run/docker.sock (Stream)

Agu 26 01:15:26 hasto-ubuntu systemd[1]: Starting Docker Socket for the API.
Agu 26 01:15:26 hasto-ubuntu systemd[1]: Listening on Docker Socket for the API.
linux@linux-ubuntu:~$ 

The file is located at /lib/systemd/system/docker.socket:

linux@linux-ubuntu:~$ cat /lib/systemd/system/docker.socket 
[Unit]
Description=Docker Socket for the API
PartOf=docker.service

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=root
SocketGroup=docker

[Install]
WantedBy=sockets.target
linux@linux-ubuntu:~$ 

In that file we can change SocketMode=0660 to SocketMode=0666.

Restart docker.socket:

systemctl restart docker.socket

Our docker socket permission will be 0666, which means every user can read and write to it.

Every user can now run docker commands as a non-root user.

linux@linux-ubuntu:~$ docker ps -a
CONTAINER ID        IMAGE                    COMMAND                  CREATED      STATUS                  PORTS  NAMES
03eb2ba2eacd        google/cadvisor:latest   "/usr/bin/cadvisor..."   5 weeks ago  Exited (0) 5 weeks ago         elk_cadvisor_1
52efa40edf3a        portainer/portainer      "/portainer"             7 weeks ago  Exited (2) 11 days ago         portainer
linux@linux-ubuntu:~$ 

linux@linux-ubuntu:~$ docker images
REPOSITORY          TAG                      IMAGE ID            CREATED           SIZE
portainer/portainer latest                   96196eaa6b3         8 weeks ago       10.4MB
google/cadvisor     latest                   f9ba08bafdea        5 months ago      57.3MB
linux@linux-ubuntu:~$ 

Be aware of non-root access to the docker command: Why we don't let non-root users run Docker in CentOS, Fedora, or RHEL

References:

  1. Docker Documentation : Control and configure Docker with systemd
  2. Github docker systemd
Rolldiameter
Reply 3 · 2019-03-27 09:01

Adding users to the Docker group (since the Docker group has full control of the socket)

As root, add the user to the docker group:

  • cat /etc/group
  • gpasswd -a <username> docker
  • Exit (as root)
  • Log off
  • Log in as the user, and attempt to run "docker ps" to validate.

This is how I've been able to set it up on my Ubuntu systems time and time again.

对你真心纯属浪费
Reply 4 · 2019-03-27 09:14

Check what this command gives: ls -l /var/run/docker.sock. You may want to change the permissions of this file using chmod (e.g. sudo chmod 777 /var/run/docker.sock), depending on what permissions you want to give.
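The three answers above each change one of the facts the daemon's access check depends on: the socket mode (SocketMode=0660 vs 0666 / chmod 777), the socket's group, and the caller's group list. This added script (not code from the thread) reproduces that decision from those three inputs so you can see why a freshly added docker-group member still gets "permission denied" and what a world-writable socket means; the function names are assumptions of this example.

```shell
#!/bin/sh
# Added example, not code from the thread: re-derive the access decision for
# /var/run/docker.sock from its mode, its group, and the caller's groups.

# Print the group and "other" octal digits of a mode such as 0660 or 660.
mode_group_digit() { m="${1%?}"; printf '%s\n' "${m#"${m%?}"}"; }
mode_other_digit() { printf '%s\n' "${1#"${1%?}"}"; }

# docker_socket_access MODE GROUP "GROUPS OF CALLER"
# Returns 0 when the caller can use the socket, 1 when not; prints the reason.
docker_socket_access() {
  mode="$1" sock_group="$2" caller_groups="$3"
  g=$(mode_group_digit "$mode"); o=$(mode_other_digit "$mode")
  in_group=0
  case " $caller_groups " in *" $sock_group "*) in_group=1;; esac

  if [ $((o & 2)) -ne 0 ]; then
    # SocketMode=0666 or chmod 777: every local account reaches the daemon,
    # which is the exposure the RHEL article linked above warns about.
    printf 'allowed: socket is world-writable (mode %s)\n' "$mode"; return 0
  elif [ $((g & 2)) -ne 0 ] && [ "$in_group" -eq 1 ]; then
    printf 'allowed: member of socket group %s\n' "$sock_group"; return 0
  elif [ $((g & 2)) -ne 0 ]; then
    # Usual cause of "permission denied" after gpasswd -a <user> docker: the
    # new membership is not in the current login session yet, or the socket's
    # group is not docker at all (compare with ls -l /var/run/docker.sock).
    printf 'denied: socket group %s not in caller groups [%s]\n' \
      "$sock_group" "$caller_groups"; return 1
  fi
  printf 'denied: mode %s grants no group or world write access\n' "$mode"
  return 1
}

# Evaluate the live socket when present (GNU stat, Linux only).
if [ -S /var/run/docker.sock ] && \
   mode_grp=$(stat -c '%a %G' /var/run/docker.sock 2>/dev/null); then
  set -- $mode_grp
  docker_socket_access "$1" "$2" "$(id -Gn)" || true
fi
```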
