I have a server with the rootless daemon and 2+ people serving as Docker administrators. This presents a problem with sharing the data directory between users so we all are maintaining the same images and containers.
In rootful mode, the data directory is one single location on the system managed through the daemon. In rootless, depending on which user is logged in, it is a user directory owned by that user.
If the daemon service is running under my account, but the next day someone else takes over, how can I transfer the state of the data dir?
We cannot always chown/chmod/cp it because, due to uid remapping, some of the subdirectories are owned by subordinate IDs.
It would be perfect if I were able to have an "ownerless" folder shared among all the administrators. Any ideas?
Did you figure out a way to get this done? I'm building a similar setup with rootless docker running for several users and I was hoping to use a common data root directory to avoid duplicating images, while maintaining some sort of "admin" access for a few users to be able to manage all containers launched.
Thanks
Rootful Docker means the daemon is running as root and either the docker users are in the "docker" group or they have "sudo" privilege.
Rootless Docker means the Docker daemon is running as a non-root user, so you could all have access to the same "docker-manager" user if you want to use the same Docker.
There is no such thing as
It wouldn't make sense. The user called "nobody" and the group called "nogroup" can be seen sometimes when a container of a rootless Docker or a container using user namespace mounts a folder which is not owned by the user, but the purpose is to deny access and not grant it to everyone.
You can set groups the same way as the users in the "docker" group can access the docker socket of the rootful Docker.
I also don't think that not using the same user would make sense, since if you manage to grant access to the docker context of a rootless Docker, that command allows the user to mount everything in the user's home.
Even if you use the same user, sometimes you want to access files in the Docker root for debugging reasons or just delete the folder. Then you can run the
rootlesskit bash
command to run a bash in the user namespace of the rootless Docker and work as root in that context.
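The subordinate-ID ownership raised in the question, and why root inside the rootless user namespace can manage those files, can be made concrete with the following added example, which is not part of the thread. The helper name `ns_uid_for`, the UID 1001 and the sample `/etc/subuid` entries are constructed for illustration, and ranges are assumed to be mapped in file order.

```shell
#!/bin/sh
# Added example. Maps a host UID seen on a file under the rootless data
# directory to the UID it has inside the daemon's user namespace.
# Namespace UID 0 is the daemon user; namespace UIDs from 1 upward are
# that user's /etc/subuid ranges (assumed here to be mapped in file order).

# ns_uid_for OWNER OWNER_UID HOST_UID [SUBUID_FILE]   (hypothetical helper)
# Prints the namespace UID, or "unmapped" when the host UID is outside the
# mapping (such files show up as nobody inside the namespace).
ns_uid_for() {
    owner=$1; owner_uid=$2; host_uid=$3; file=${4:-/etc/subuid}
    if [ "$host_uid" -eq "$owner_uid" ]; then
        echo 0
        return 0
    fi
    awk -F: -v o="$owner" -v ou="$owner_uid" -v h="$host_uid" '
        BEGIN { next_id = 1 }
        $1 == o || $1 == ou {
            if (h >= $2 && h < $2 + $3) {
                print next_id + (h - $2); found = 1; exit
            }
            next_id += $3
        }
        END { if (!found) print "unmapped" }
    ' "$file"
}

# Constructed sample: the thread's example user "docker-manager" with an
# invented UID (1001) and invented subordinate ranges.
demo() {
    sample=$(mktemp)
    printf '%s\n' 'alice:100000:65536' 'docker-manager:165536:65536' > "$sample"
    for uid in 1001 165536 165634 100000; do
        printf 'host uid %s -> namespace uid %s\n' "$uid" \
            "$(ns_uid_for docker-manager 1001 "$uid" "$sample")"
    done
    rm -f "$sample"
}
demo
```

A result of 1 or higher means the file belongs to a subordinate ID, which the daemon user cannot chown from outside the namespace but which root inside a `rootlesskit bash` shell can.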
Nothing. Just a username I wrote as an example. The post was about being able to use the docker command by multiple users when you have rootless Docker which runs as your user not as root.
Regarding the error message: I shared a different command in my post so I'm not sure what I could say about it. If you search for "rootlesskit" on Google, it should be the first result.