Docker group and permissions

I am learning penetration testing, and I am trying to perform linux privilege escalation using docker. So I created a new user with the minimum permissions and I added it to the docker group. The problem now is that this new user cannot run docker.

I tried to change the permission for this user using chmod but it does not work. Can anyone help me please to permit the new user to run docker!! this is the new user : pentester:x:1001:1001::/home/pentester:/bin/bash and this is the docker group : docker:x:976:anasgharsa,pentester and when I am connected with the new user and try “docker images” or “docker ps” I get this error message : “unable to get absolute bin path: stat .: permission denied”

I assume you didn’t install the docker engine yourself, did you?
Otherwise, you should have stumbled across the post installation steps mentioned in the installation instructions: Linux post-installation steps for Docker Engine | Docker Docs.

Docker runs the daemon as root, unless you specifically use rootless docker.

I did install the docker by meslf and I know that the docker runs the daemon as root but I know that other users can run docker as well, just need to give a specific user the necesseries permissions to do that, and that what I wanted to do, I added the new user to the docker group using" sudo usermod -aG docker pentester" and I and I gave him the right permission to run docker using the chmod and than I restarted the docker service using " sudo service docker restart"


If the user added to the group was already connected to terminal, the new group will be unknown for this terminal session. The next terminal session for the user will have the new group added.

exactly and this is why I had to restart the service. can you tell me gently how I can fix this? I mean I need to run docker by this new user, how can I do it? I tried everything, I searched everywhere and I read hundreds of documentations but still did not find any solution, even you reply does not have any solution for this problem

thank you anyway for your reply

Please share the exact commands in the order you applied them. You must be deviating from the instructions from the link I shared in my first response, or didn’t establish a new terminal connection. Otherwise, it should have worked.

Update: furthermore, I moved your topic to the DockerEngine category, as it was misplaced in DockerHub.

at first I created a new user “pentester” than I added him to the docker group using “sudo usermod -aG docker pentester”. When I run the command “grep docker /etc/group” I get this “docker:x:976:anasgharsa,pentester”, so pentester is in the docker group. after that I changed the permissions for pentester using chmod to give him the permissions to run docker and I restarted the docker service by the command " sudo service docker restart" and then I started a new shell session. now when I run “groups pentester” I get this “pentester : pentester docker” but when I change user to pentester and I run “docker images” or even “docker ps -a” I get this error “unable to get absolute bin path: stat .: permission denied”

Please share the output of following commands:

stat /var/run/docker.sock
id pentester

The user group id and the group id of the unix file permissions are identical.
On a system without selinux it would work like that.

Though, it appears selinux prevents access to the docker.sock.
I can’t help you with selinux permission.

I really appreciate everything. thank you so much for the clarification