Using docker LDAP group?

Hi,

Basically, I’d like for our users to be able to run docker without using sudo, but I’m having some trouble. I’d like to use an LDAP group (or netgroup). If I create a local “docker” group and restart the daemon, the /var/run/docker.sock file has ownership root:docker as I expect. However, if I use an LDAP group, the daemon doesn’t recognize the group and the docker.sock file stays as root:root.

I’m running Oracle Linux, 3.8.13-118.14.1.el6uek.x86_64

root@rhvm100:/etc/sysconfig> grep ^group /etc/nsswitch.conf
group: files ldap

root@rhvm100:/etc/sysconfig> groups rhelfand
rhelfand : users docker

root@rhvm100:/etc/sysconfig> /etc/init.d/docker start
Starting docker: [ OK ]

root@rhvm100:/etc/sysconfig> ls -la /var/run/docker.sock
srw-rw---- 1 root root 0 Mar 21 08:37 /var/run/docker.sock

I know I could chgrp the sock file after it starts up, or create a local group, or use sudo. Just looking to see if anyone has gotten this working successfully.

Thanks!

I too would like this to work and it’s now October 2018, I’m on Oracle Linux 7, docker-engine 18.03, and it appears that nobody from the docker team has responded to this or thinks it’s worthy of being worked on. Fact?

I can’t offer any official solution. But what has worked for me is to create the local docker group. Get the gid, and create a docker group in LDAP with the same gid. Add the users in LDAP to the LDAP docker group, and it seems to work for me. Hope this helps.


Here is my fix for allowing the ldap docker group users to use docker.

  1. Create a docker group on ldap
  2. Get the group id number
  3. DOCKERGROUPID=1007   # Replace 1007 with the GID you created (no trailing period, or groupadd -g will reject the value)
  4. sudo chown root:docker /var/run/docker.sock
  5. sudo groupdel docker
  6. sudo groupadd -g $DOCKERGROUPID docker
  7. sudo chmod 660 /var/run/docker.sock
  8. sudo chown root:docker /var/run/docker.sock
  9. sudo systemctl daemon-reload
  10. sudo systemctl restart docker

Step 9 is probably not needed but I left it from the debug process.
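The workaround in the two replies above works because dockerd looks up the socket group by parsing /etc/group directly rather than through NSS, so a group that exists only in LDAP is invisible to it while a local group with the same GID is not. The script below is an added example, not code from the thread or from Docker; it automates that workaround and drops the redundant chown/chmod steps, since dockerd recreates the socket as root:docker with mode 660 on every start. It assumes an EL7-style host with systemd, nsswitch set to "group: files ldap", and that the LDAP group is reachable through the glibc `getent -s` service named in NSS_SERVICE (use "sss" when sssd provides the group); GROUP_NAME, NSS_SERVICE and the function names are this example's own.

```shell
#!/bin/sh
# Added example, not from the thread: mirror an LDAP-defined "docker" group
# as a local group with the same GID so dockerd can resolve it.
# Assumptions (not stated in the thread): systemd-managed docker on EL7,
# nsswitch "group: files ldap", and that the LDAP group is reachable through
# the NSS service named in NSS_SERVICE (glibc getent -s; use "sss" for sssd).

GROUP_NAME="${GROUP_NAME:-docker}"
NSS_SERVICE="${NSS_SERVICE:-ldap}"
SOCK=/var/run/docker.sock

# GID field of one /etc/group-format line ("name:x:gid:members").
gid_from_group_line() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Accept only a bare decimal GID. Rejects values like "1007." (a stray
# period after the number would make groupadd -g fail).
is_numeric_gid() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *)           return 0 ;;
    esac
}

# GID of the group as LDAP defines it. Asking the LDAP service directly
# matters: with "files ldap", a plain `getent group docker` returns a stale
# local entry first if one exists.
ldap_gid() {
    line=$(getent -s "$NSS_SERVICE" group "$1") || return 1
    gid_from_group_line "$line"
}

# GID of the local /etc/group entry, or empty if there is none. This file
# is what dockerd actually parses when it chgrps the socket.
local_gid() {
    line=$(grep "^$1:" /etc/group) || return 0
    gid_from_group_line "$line"
}

# Choose the action from the wanted (LDAP) GID $1 and the local GID $2:
#   ok        local group already has the LDAP GID, nothing to do
#   create    no local group yet
#   recreate  local group exists with a different GID
plan_local_group() {
    if [ -z "$2" ]; then
        echo create
    elif [ "$2" = "$1" ]; then
        echo ok
    else
        echo recreate
    fi
}

# Privileged part: apply the plan, restart the daemon and verify the socket.
apply_plan() {
    want=$(ldap_gid "$GROUP_NAME") || { echo "no $GROUP_NAME group via $NSS_SERVICE" >&2; return 1; }
    is_numeric_gid "$want" || { echo "bad GID '$want'" >&2; return 1; }
    have=$(local_gid "$GROUP_NAME")
    case "$(plan_local_group "$want" "$have")" in
        ok)       echo "local $GROUP_NAME already has GID $want" ;;
        create)   groupadd -g "$want" "$GROUP_NAME" ;;
        recreate) groupdel "$GROUP_NAME" && groupadd -g "$want" "$GROUP_NAME" ;;
    esac
    # dockerd recreates the socket on start as root:<group>, mode 660, so no
    # manual chown/chmod is needed; the stat line confirms it.
    systemctl restart docker
    stat -c '%U:%G %a %n' "$SOCK"
}

# Only touch the system when explicitly asked:  sudo sh fix-docker-group.sh apply
case "${1:-}" in
    apply) apply_plan ;;
esac
```

Run it once as root with the `apply` argument after the LDAP group exists; afterwards `ls -la /var/run/docker.sock` should show root:docker, and LDAP users in that group can use the client without sudo. Keep in mind that membership in the docker group is equivalent to root on the host, so the LDAP group should be managed as carefully as a sudoers entry.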