Docker Community Forums

Share and learn in the Docker community.

Unable to use docker without sudo

docker

(Timoriikonen) #1

I have installed Docker on latest Fedora more-or-less as described in the docs: https://docs.docker.com/engine/installation/linux/fedora/

[timoacer@localhost skflow]$ sudo dnf -y install docker
Package docker-1:1.9.1-6.git6ec29ef.fc23.x86_64 is already installed, skipping.

[timoacer@localhost skflow]$ sudo dnf install docker-engine
Error: package docker-engine-1.9.1-1.fc23.x86_64 conflicts with docker provided by docker-1:1.9.1-6.git6ec29ef.fc23.x86_64
(try to add ‘–allowerasing’ to command line to replace conflicting packages)

[timoacer@localhost skflow]$ sudo usermod -aG dockerroot timoacer
[timoacer@localhost skflow]$

[timoacer@localhost skflow]$ grep dockerroot /etc/group
dockerroot:x:978:timoacer

[timoacer@localhost skflow]$ docker run hello-world
Cannot connect to the Docker daemon. Is the docker daemon running on this host?

[timoacer@localhost skflow]$ sudo docker run hello-world

Hello from Docker.
This message shows that your installation appears to be working correctly.

[timoacer@localhost skflow]$ ps -ef | grep docker
root 1136 1 0 Apr12 ? 00:00:16 /usr/bin/docker daemon --selinux-enabled --log-driver=journald

It seems that setgid is not supported in Fedora for daemon services, so how do I set the docker to run using dockerroot group?


Docker Image Ls fails with permission denied
(Jeff Anderson) #2

What is the output of this?

ls -lah /var/run/docker.sock

Also, did you relogin to make your changes to /etc/group take effect? check it by typing groups to see if your shell knows it’s in the dockerroot group.


(Timoriikonen) #3

[timoacer@localhost ~]$ ls -lah /var/run/docker.sock
srw-rw----. 1 root root 0 Apr 13 13:30 /var/run/docker.sock

Before reboot/relogin:
[timoacer@localhost ~]$ groups
timoacer wheel
[timoacer@localhost ~]$ groups timoacer
timoacer : timoacer wheel dockerroot

After reboot:
[timoacer@localhost ~]$ groups
timoacer wheel dockerroot

Restarting new shell tends to be enough, but it really is relogin that is required as you had mentioned in your instructions. So half of the problem solved, but socket still doesn’t use the correct group, so I still fail to start docker without sudo command.


(Jeff Anderson) #4

Since the socket doesn’t have the dockerroot group, that’d explain the problem you are having. If you change it, then I would expect users of that group to be able to interact with the socket.


(Smartrob) #5

I have a similar problem and according to this it seems correct but still does not work.

rob@~$ ls -lah /var/run/docker.sock
srw-rw---- 1 root docker 0 Nov 1 11:53 /var/run/docker.sock
$?=0
rob@~$ groups
rob adm cdrom sudo dip plugdev lpadmin sambashare docker vboxsf
$?=0
rob@~$ docker --version
[sudo] password for rob:
$?=1 HUP
rob@~$


(Ezkotma) #6

I think you need to change permissions for the normal user connecting daemon socket.

Type the follwing command: " #chmod 777 /var/run/docker.sock".

If yu dont have other users using your machine.


(Archimedes Trajano) #7

I would recommend you use the TLS connection and do the docker executions from a remote machine rather than the node itself. That way you don’t expose the socket to anyone.


(Debuti) #8

This one is the key. just chown root:dockerroot the socket and you will be good to go!