Installing Portainer agent on rootless docker

Hello:

A project I’m working on requires rootless Docker. So I installed that on a Debian 12.5 (for a user with sudo privileges) and proceeded as follows:

sudo apt update
sudo apt-get install docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-plugin
sudo apt install uidmap
sudo apt-get install -y dbus-user-session
sudo systemctl disable --now docker.service docker.socket

Ran script in /usr/bin (location after Docker 20.10 or later install):
dockerd-rootless-setuptool.sh install
systemctl --user enable docker
sudo loginctl enable-linger $(whoami)

Added these two lines to my .bashrc file (eumaios has UID 1000):
export PATH=/home/eumaios/bin:$PATH
export DOCKER_HOST=unix:///run/user/1000/docker.sock

But now when I get to this command:
sudo setcap cap_net_bind_service=ep $HOME/bin/rootlesskit

It outputs: “Failed to set capabilities on file ‘/home/serai/bin/rootlesskit’: No such file or directory”

This makes sense, since no such file does exist. But I’m at my wits’ end as to where to turn now. It goes without saying it’s unfortunate my first experience with Docker is trying it rootless, but it is what it is.

If you followed the instructions here: Run the Docker daemon as a non-root user (Rootless mode) | Docker Docs (which, based on the steps you took, it looks like you were following, or something created from it), I think the command you’re looking for is:

sudo setcap cap_net_bind_service=ep $(which rootlesskit)

This is to let you bind privileged ports from docker, so you might want to ask the question “can I do this with higher number ports, or do I need the <=1024 numbered ports?”

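The failure in this thread comes from pointing setcap at a path where rootlesskit was never installed. The script below is an added example, not part of either post or of Docker's documentation: it resolves the real binary before printing the setcap command from the reply. The function names and the default directory list ($HOME/bin, /usr/bin, /usr/local/bin) are assumptions.

```shell
#!/bin/sh
# Added example: locate rootlesskit before granting it cap_net_bind_service.
# find_rootlesskit and plan_setcap are hypothetical helper names.

# Print the resolved path of the first executable rootlesskit found.
# With arguments: search only those directories.
# Without arguments: search an assumed default list of install locations.
find_rootlesskit() {
    [ "$#" -gt 0 ] || set -- "$HOME/bin" /usr/bin /usr/local/bin
    for dir in "$@"; do
        candidate="$dir/rootlesskit"
        if [ -f "$candidate" ] && [ -x "$candidate" ]; then
            # File capabilities are stored on the file itself, so
            # resolve any symlink to the real target first.
            readlink -f "$candidate"
            return 0
        fi
    done
    return 1
}

# Print the commands to run. Nothing on the system is modified here,
# so the output can be reviewed before any privileged step is taken.
plan_setcap() {
    path=$(find_rootlesskit "$@") || {
        echo "rootlesskit not found in: ${*:-default directories}" >&2
        return 1
    }
    echo "sudo setcap cap_net_bind_service=ep $path"
    # The running daemon only picks up the capability after a restart.
    echo "systemctl --user restart docker"
}
```

Source the file and run `plan_setcap` with no arguments to check the default locations, or pass a directory to check just that one.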