Docker Community Forums

Share and learn in the Docker community.

No more 'docker' group

(nicolas De Loof) #1

Expected behavior

boot2docker image has a docker group one can use to access docker socket. I used to run container with bind mounting /var/run/docker.sock and docker binary to interact with docker from container. So have been using --group-add 100 (docker gid on boot2docker) to grant access to docker socket whatever non-root user is defined on the docker image.

Actual behavior

docker=100 group doesn’t seem to exist on Docker for Mac VM.
Simple workaround is to run with --group-add staff

Maybe this isn’t the best way to setup a container with access to host docker socket, would then be useful to document it - I can’t find an official doc on this topic.

Steps to reproduce the behavior

  1. run docker run -v /var/run/docker.sock:/var/run/docker.sock -v /usr/bin/docker:/usr/bin/docker --group-add 100 -it --rm jenkins bash.
  2. Then from container’s shell run docker ps
    Cannot connect to the Docker daemon. Is the docker daemon running on this host?

(Chris Pearce) #2

It would be very useful to understand whether we should no longer be assigning users to the docker group and instead be using the staff group.

I am using the same approach as @ndeloof. Whilst it works, I’m not sure if this is the intended best practice approach.

Also, having the documentation include the correct steps to access the Docker socket whilst using Docker for Mac would be very helpful.

(Sam Thambu) #3

If someone is still trying today(ie Dec2017) to access docker from within a container by mounting /var/run/docker.sock from MacOS(Host) and getting the “EACCES /var/run/docker.sock” permission error because of not having docker group in the host OS(ie mac) - pls try @ndeloof solution and it works great.