Docker Community Forums

Docker daemon access within Docker as non-root user: Permission denied while trying to connect to Docker daemon socket

This is a strange problem that I cannot figure out.

My user outside the container is in the docker group. When I mount passwd/group/sudoers etc. into the container and directly launch with my host uid/gid into the container, I am not part of the docker group.

sudo usermod -aG docker $USER

# Will not work: -u sets only the uid and primary gid, so the process
# inside the container does not get the docker supplementary group
docker run \
    --rm -it \
    -u $(id -u):$(id -g) \
    --volume \
    /etc/sudoers:/etc/sudoers:ro \
    --volume \
    /etc/group:/etc/group:ro \
    --volume \
    /etc/passwd:/etc/passwd:ro \
    --volume \
    /etc/shadow:/etc/shadow:ro \
    --volume \
    /etc/sudoers.d:/etc/sudoers.d:ro \
    --volume \
    /usr/bin/docker:/usr/bin/docker \
    --volume \
    /var/run/docker.sock:/var/run/docker.sock \
    ubuntu:18.04 \
    docker ps

However, when I launch into the container and switch to that user, it seems to work.

# Starts as root; su reads the mounted /etc/group and applies all of the
# user's groups. Type docker ps at prompt, works
docker run \
    --rm -it \
    --volume \
    /etc/sudoers:/etc/sudoers:ro \
    --volume \
    /etc/group:/etc/group:ro \
    --volume \
    /etc/passwd:/etc/passwd:ro \
    --volume \
    /etc/shadow:/etc/shadow:ro \
    --volume \
    /etc/sudoers.d:/etc/sudoers.d:ro \
    --volume \
    /usr/bin/docker:/usr/bin/docker \
    --volume \
    /var/run/docker.sock:/var/run/docker.sock \
    ubuntu:18.04 \
    su "$USER" -s /bin/bash

I seem to recall the former working previously. Is there a way to use docker as a non-root user inside the container?
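The first command fails because -u sets only the uid and the primary gid; supplementary groups such as docker are never applied, so the group permission on the socket is not matched. The script below, an added example and not code from the post, reads the docker group's gid from /etc/group and passes it with --group-add; it assumes a host where the docker group owns /var/run/docker.sock and uses the same ubuntu:18.04 image and host docker binary as the commands above.

```shell
#!/bin/sh
# Added example, not from the original post. Assumption: the host has a
# "docker" group in /etc/group and /var/run/docker.sock is owned by it
# (root:docker, mode 0660). Membership in that group is what grants socket
# access, so mounting passwd/shadow/sudoers into the container is unnecessary.

# Print the numeric gid of a named group from a group file (default /etc/group).
group_gid() {
    _name=$1
    _file=${2:-/etc/group}
    awk -F: -v n="$_name" '$1 == n { print $3; exit }' "$_file"
}

# Print the numeric gid that owns a file (GNU stat first, then BSD stat).
socket_gid() {
    stat -c %g "$1" 2>/dev/null || stat -f %g "$1"
}

# Build the docker run arguments: run as the host uid/gid and add the
# docker gid as a supplementary group. One argument per line.
docker_run_args() {
    _gid=$1
    printf '%s\n' --rm -u "$(id -u):$(id -g)" --group-add "$_gid" \
        -v /var/run/docker.sock:/var/run/docker.sock \
        -v /usr/bin/docker:/usr/bin/docker:ro \
        ubuntu:18.04
}

# Verify the gid matches the socket owner, then run "docker ps" as non-root.
main() {
    gid=$(group_gid docker)
    [ -n "$gid" ] || { echo "no docker group on this host" >&2; exit 1; }
    sock_gid=$(socket_gid /var/run/docker.sock)
    [ "$gid" = "$sock_gid" ] ||
        echo "warning: socket owned by gid $sock_gid, docker group is $gid" >&2
    # Word splitting is intended: no argument contains whitespace.
    docker run $(docker_run_args "$gid") docker ps
}

if [ "${1:-}" = run ]; then
    main
fi
```

Run it as `sh script.sh run`; inside the container `id` then lists the docker gid under groups, which is why `docker ps` succeeds without su.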

I don’t understand why you bind-mount all these directories … it doesn’t make much sense …
On top, you try to execute a “docker ps” tailed to the “docker run …” command … which should fail (except if your container itself is also running docker 🧐). This command will list all running containers, not processes, and certainly not any user credentials.
The second line will launch a container, execute a sudo, pop up a bash, and die instantly afterwards …

It’s not a good idea anyway to use any host credentials directly inside a container. A container is meant to run autonomously from its host (more or less).

Please explain what you’re trying to achieve. Why do you need all these files inside the container?

The Docker run reference says:

The developer can set a default user to run the first process with the Dockerfile USER instruction. When starting a container, the operator can override the USER instruction by passing the -u option.

The Dockerfile of the ubuntu image(s) does not declare a USER; as such, the -u option has no effect.