Using docker LDAP group?

Hi,

Basically, I’d like for our users to be able to run docker without using sudo, but I’m having some trouble. I’d like to use an LDAP group (or netgroup). If I create a local “docker” group and restart the daemon, the /var/run/docker.sock file is owned by root:docker as I expect. However, if I use an LDAP group, the daemon doesn’t recognize the group and the docker.sock file stays as root:root.

I’m running Oracle Linux, 3.8.13-118.14.1.el6uek.x86_64

root@rhvm100:/etc/sysconfig> grep ^group /etc/nsswitch.conf
group: files ldap

root@rhvm100:/etc/sysconfig> groups rhelfand
rhelfand : users docker

root@rhvm100:/etc/sysconfig> /etc/init.d/docker start
Starting docker: [ OK ]

root@rhvm100:/etc/sysconfig> ls -la /var/run/docker.sock
srw-rw---- 1 root root 0 Mar 21 08:37 /var/run/docker.sock

I know I could chgrp the sock file after it starts up, or create a local group, or use sudo. Just looking to see if anyone has gotten this working successfully.

Thanks!

I too would like this to work and it’s now October 2018, I’m on Oracle Linux 7, docker-engine 18.03, and it appears that nobody from the docker team has responded to this or thinks it’s worthy of being worked on. Fact?

I can’t offer any official solution. But what has worked for me is to create the local docker group. Get the gid, and create a docker group in ldap with the same gid. Add in ldap to the ldap docker group, and it seems to work for me. Hope this helps.

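The workaround in the last reply depends on the local and LDAP docker groups sharing one numeric GID, because access to the socket is decided by GID, not by group name. A shell check for that follows, added here as an example and not posted by anyone in the thread. The function names and the `--live` switch are made up for illustration, and `getent -s ldap` assumes the `ldap` NSS service shown in the nsswitch.conf output above.

```shell
#!/bin/sh
# Added example: confirm the local and LDAP "docker" groups share one GID
# and that the daemon socket carries that GID. Function names are hypothetical.

# Print the GID from a group(5)-format line (name:passwd:gid:members).
gid_of() {
    printf '%s\n' "$1" |
        awk -F: 'NF >= 3 && $3 ~ /^[0-9]+$/ { print $3; ok = 1 } END { exit !ok }'
}

# Compare one entry from the "files" source with one from the "ldap" source.
# Returns 0 on match, 1 on mismatch, 2/3 when an entry is missing or malformed.
compare_groups() {
    local_line=$1
    ldap_line=$2
    lgid=$(gid_of "$local_line") || { echo "no-local-group"; return 2; }
    dgid=$(gid_of "$ldap_line") || { echo "no-ldap-group"; return 3; }
    if [ "$lgid" = "$dgid" ]; then
        echo "match:$lgid"
        return 0
    fi
    echo "mismatch:local=$lgid,ldap=$dgid"
    return 1
}

# Check that the socket exists and is group-owned by the expected GID.
# Uses GNU stat, as shipped with Oracle Linux.
socket_group_ok() {
    [ -S "$1" ] || { echo "no-socket"; return 2; }
    sgid=$(stat -c %g "$1")
    if [ "$sgid" = "$2" ]; then echo "socket-gid-ok:$sgid"; return 0; fi
    echo "socket-gid-wrong:$sgid"
    return 1
}

# Query each NSS source separately so a local entry cannot mask the LDAP one.
live_check() {
    local_line=$(getent -s files group docker || true)
    ldap_line=$(getent -s ldap group docker || true)
    result=$(compare_groups "$local_line" "$ldap_line") || { echo "$result"; return 1; }
    echo "$result"
    socket_group_ok /var/run/docker.sock "${result#match:}"
}

if [ "${1:-}" = "--live" ]; then live_check; fi
```

Run it with `--live` as root on the Docker host after restarting the daemon; without the switch it only defines the functions.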