Unable to use docker without sudo

Open Source Projects DockerEngine
1

I have installed Docker on latest Fedora more-or-less as described in the docs: https://docs.docker.com/engine/installation/linux/fedora/

[timoacer@localhost skflow]$ sudo dnf -y install docker
Package docker-1:1.9.1-6.git6ec29ef.fc23.x86_64 is already installed, skipping.

[timoacer@localhost skflow]$ sudo dnf install docker-engine
Error: package docker-engine-1.9.1-1.fc23.x86_64 conflicts with docker provided by docker-1:1.9.1-6.git6ec29ef.fc23.x86_64
(try to add ‘–allowerasing’ to command line to replace conflicting packages)

[timoacer@localhost skflow]$ sudo usermod -aG dockerroot timoacer
[timoacer@localhost skflow]$

[timoacer@localhost skflow]$ grep dockerroot /etc/group
dockerroot:x:978:timoacer

[timoacer@localhost skflow]$ docker run hello-world
Cannot connect to the Docker daemon. Is the docker daemon running on this host?

[timoacer@localhost skflow]$ sudo docker run hello-world

Hello from Docker.
This message shows that your installation appears to be working correctly.

[timoacer@localhost skflow]$ ps -ef | grep docker
root 1136 1 0 Apr12 ? 00:00:16 /usr/bin/docker daemon --selinux-enabled --log-driver=journald

It seems that setgid is not supported in Fedora for daemon services, so how do I set the docker to run using dockerroot group?

2

What is the output of this?

ls -lah /var/run/docker.sock

Also, did you relogin to make your changes to /etc/group take effect? check it by typing groups to see if your shell knows it’s in the dockerroot group.

3

[timoacer@localhost ~]$ ls -lah /var/run/docker.sock
srw-rw----. 1 root root 0 Apr 13 13:30 /var/run/docker.sock

Before reboot/relogin:
[timoacer@localhost ~]$ groups
timoacer wheel
[timoacer@localhost ~]$ groups timoacer
timoacer : timoacer wheel dockerroot

After reboot:
[timoacer@localhost ~]$ groups
timoacer wheel dockerroot

Restarting new shell tends to be enough, but it really is relogin that is required as you had mentioned in your instructions. So half of the problem solved, but socket still doesn’t use the correct group, so I still fail to start docker without sudo command.

4

Since the socket doesn’t have the dockerroot group, that’d explain the problem you are having. If you change it, then I would expect users of that group to be able to interact with the socket.

1 Like
5

I have a similar problem and according to this it seems correct but still does not work.

rob@~$ ls -lah /var/run/docker.sock
srw-rw---- 1 root docker 0 Nov 1 11:53 /var/run/docker.sock
$?=0
rob@~$ groups
rob adm cdrom sudo dip plugdev lpadmin sambashare docker vboxsf
$?=0
rob@~$ docker --version
[sudo] password for rob:
$?=1 HUP
rob@~$

6

I think you need to change permissions for the normal user connecting daemon socket.

Type the follwing command: " #chmod 777 /var/run/docker.sock".

If yu dont have other users using your machine.

1 Like
7

I would recommend you use the TLS connection and do the docker executions from a remote machine rather than the node itself. That way you don’t expose the socket to anyone.

8

This one is the key. just chown root:dockerroot the socket and you will be good to go!

9

I know this is an old topic, but I’m facing a similar problem.

Just installed Docker on Ubuntu 18.04:

leonardo@leo003:~$ groups
leonardo adm cdrom sudo dip plugdev lpadmin sambashare docker
leonardo@leo003:~$ ls -lah /var/run/docker.sock
srwxrwxrwx 1 root docker 0 abr 30 11:31 /var/run/docker.sock
leonardo@leo003:~$ docker info
Client:
 Debug Mode: false

Server:
 ERROR: Cannot connect to the Docker daemon at unix:///run/user/1000/docker.sock. Is the docker daemon running?
 errors pretty printing info

I’ve uninstalled docker, deleted the dockergroup a couple of times. Even reinstalled Ubuntu to remove eventual garbage, but nothing seems to help.

Extra info: docker works fine using sudo.

10

just to make sure, please run which docker and sudo which docker in order to verify that you’re using twice the same