Docker Community Forums


When starting dockerd, error: chown /var/run/docker.sock: operation not permitted


#1

I have installed docker-18.09.1.tgz in RedHat 7.3

# cd /tmp
# tar xvzf docker-18.09.1.tgz
# chown -R docker:docker docker
# cd docker
# cp -p * /usr/bin
# mkdir /var/lib/docker
# chown -R docker:docker /var/lib/docker
# su - docker
$ dockerd &
Failed to load listeners: can't create unix socket /var/run/docker.sock: chown /var/run/docker.sock: operation not permitted

I have tried to create docker.sock by user docker…
# su - docker
$ touch /var/run/docker.sock

$ ll /var/run/docker.sock
-rw-rw-r--. docker docker 0 Jan 331 18:27 /var/run/docker.sock

How can I run dockerd by user ‘docker’?


#2

From the url: https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface, it said…

‘Running containers (and applications) with Docker implies running the Docker daemon. This daemon currently requires root privileges, and you should therefore be aware of some important details.’

That means if I want to run dockerd by user other than root, I must assign another user who should have the ‘root’ privilege!

So what is the difference between running docker daemon as root or another user with root privileges?


(Gary Forghetti) #3

You are not installing Docker in a supported way and I’m not sure how you “built” the installation bits in the docker-18.09.1.tgz file shown in this post. And I’m thinking that docker-18.09.1.tgz file contains Docker Community Edition which is not supported on RHEL. RHEL requires Docker Enterprise Edition which you will need to purchase -> https://hub.docker.com/search?q=&type=edition&offering=enterprise

If you can substitute CentOS instead of RHEL, then you can install Docker Community Edition on CentOS with a simple 1 line command: curl --silent -SL https://get.docker.com/ | sh


#4

I followed the following instructions to install the docker binary version, under the section, ‘Install static binaries’:


#5

After installing docker using ‘curl’, can you run dockerd by user other than root? Or on the best practice, should we run dockerd by root?


(Gary Forghetti) #6

The docker daemon dockerd has to run as the root user on Linux.
Non root users can “manage” docker if they are added to the Linux docker group.


(Gary Forghetti) #7

I was able to install Docker CE 18.09.1 on a RHEL 7.6 virtual machine using the binaries installation -> https://docs.docker.com/install/linux/docker-ce/binaries/

See below.

Download the Linux binaries

🐳  gforghetti@172.28.128.6:[~] $ curl -O https://download.docker.com/linux/static/stable/x86_64/docker-18.09.1.tgz
  % Total    % Received % Xferd  Average Speed   Time    Time     Time  Current
                                 Dload  Upload   Total   Spent    Left  Speed
100 45.7M  100 45.7M    0     0  28.3M      0  0:00:01  0:00:01 --:--:-- 28.3M

Extract the archive file directly into /usr/bin

🐳  gforghetti@172.28.128.6:[~] $ sudo tar zxvf docker-18.09.1.tgz --strip 1 -C /usr/bin
docker/ctr
docker/containerd-shim
docker/containerd
docker/docker-proxy
docker/docker
docker/dockerd
docker/runc
docker/docker-init
🐳  gforghetti@172.28.128.6:[~] $ ls -la /usr/bin/dockerd
-rwxr-xr-x. 1 vagrant vagrant 54320560 Jan  9 14:43 /usr/bin/dockerd

Manually start the docker daemon dockerd as a background process.

🐳  gforghetti@172.28.128.6:[~] $ sudo dockerd &
[1] 13024
🐳  gforghetti@172.28.128.6:[~] $ INFO[2019-02-01T08:46:54.875504850-05:00] libcontainerd: started new containerd process  pid=13034
INFO[2019-02-01T08:46:54.875620451-05:00] parsed scheme: "unix"                         module=grpc
---- I suppressed some output -----
INFO[2019-02-01T08:46:55.416618615-05:00] Docker daemon                                 commit=4c52b90 graphdriver(s)=overlay2 version=18.09.1
INFO[2019-02-01T08:46:55.417090393-05:00] Daemon has completed initialization
INFO[2019-02-01T08:46:55.435200545-05:00] API listen on /var/run/docker.sock

Verify that docker is up and running and you can manage it as root (sudo).

🐳  gforghetti@172.28.128.6:[~] $ sudo docker version
Client: Docker Engine - Community
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:33:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:41:57 2019
  OS/Arch:          linux/amd64
  Experimental:     false

Create a docker group and add my user to that group.

🐳  gforghetti@172.28.128.6:[~] $ sudo groupadd docker
🐳  gforghetti@172.28.128.6:[~] $ sudo usermod -aG docker $USER
🐳  gforghetti@172.28.128.6:[~] $ exit

Logged out and came back in.

My user is now able to use the docker cli and manage docker.

🐳  gforghetti@172.28.128.6:[~] $ docker version
Client: Docker Engine - Community
 Version:           18.09.1
 API version:       1.39
 Go version:        go1.10.6
 Git commit:        4c52b90
 Built:             Wed Jan  9 19:33:22 2019
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          18.09.1
  API version:      1.39 (minimum version 1.12)
  Go version:       go1.10.6
  Git commit:       4c52b90
  Built:            Wed Jan  9 19:41:57 2019
  OS/Arch:          linux/amd64
  Experimental:     false
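
An added example, not part of the original posts: because membership of the docker group is what lets a non-root account drive the root-owned daemon, this script audits the socket's owner, group and mode and lists the group's members. The function names, the DOCKER_SOCK variable and the expected root:docker, not-world-accessible layout are assumptions of the example; it relies on GNU stat.

```shell
#!/bin/sh
# Added example (not from the thread): audit access to the Docker daemon socket.

# socket_findings PATH GROUP
# Prints one finding per line; prints nothing when PATH is root:GROUP and not world-accessible.
socket_findings() {
    sock=$1
    want_group=$2
    if [ ! -e "$sock" ]; then
        echo "missing: $sock does not exist (is dockerd running?)"
        return 0
    fi
    # GNU stat format: %U owner, %G group, %a octal mode.
    set -- $(stat -c '%U %G %a' "$sock")
    [ "$1" = root ] || echo "owner: $sock is owned by $1, expected root"
    [ "$2" = "$want_group" ] || echo "group: $sock has group $2, expected $want_group"
    # The last octal digit holds the "other" bits; non-zero opens the API to every local user.
    case $3 in
        *0) ;;
        *) echo "mode: $sock is $3, accessible to users outside $want_group" ;;
    esac
}

# group_members GROUP [GROUP_FILE]
# Lists supplementary members of GROUP from an /etc/group-format file.
# Users whose primary group is GROUP, or groups served by LDAP/SSSD, are not covered.
group_members() {
    awk -F: -v g="$1" '
        $1 == g {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "${2:-/etc/group}"
}

# Assumed default layout: socket at /var/run/docker.sock, group "docker".
SOCK=${DOCKER_SOCK:-/var/run/docker.sock}
socket_findings "$SOCK" docker
echo "Accounts that can control dockerd through the docker group:"
group_members docker
```

Every account it lists can issue any command to the root-owned daemon, so the list is worth reviewing like a sudoers file.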