Why can't I access some images without superuser?

I’m facing a problem with docker images on linux.
The problem is: I’m generating an image, but I can only access it using the sudo command. What confuses me is that I have some images that are accessible by my default user, but some images can only be accessed by superuser.

Here’s the difference between using and not using sudo:

I’d like to be able to access all images using my default user. How can I solve it? I already added my user as a member of the docker group, but it still doesn’t have access to these images.

High likely both users do NOT interact with the same docker engine.

Please share the output of these commands:

dpkg -l |grep docker
snap list docker

Hi! Thanks for answering.
dpkg -l |grep docker output:

ii  docker-ce                                  5:20.10.17~3-0~ubuntu-focal           amd64        Docker: the open-source application container engine
ii  docker-ce-cli                              5:20.10.17~3-0~ubuntu-focal           amd64        Docker CLI: the open-source application container engine
ii  docker-ce-rootless-extras                  5:20.10.17~3-0~ubuntu-focal           amd64        Rootless support for Docker.
ii  docker-compose-plugin                      2.6.0~ubuntu-focal                    amd64        Docker Compose (V2) plugin for the Docker CLI.
ii  docker-desktop                             4.9.0-80466                           amd64        Docker Desktop is an easy-to-install application that enables you to locally build and share containerized applications and microservices. It includes Docker Engine, Docker CLI client, Docker Compose, Docker Content Trust, Kubernetes, and Credential Helper. Docker Desktop runs a light-weight Linux VM to provide an isolated local container runtime, and an experience consistent with Mac and Windows versions of Docker Desktop.
ii  docker-scan-plugin                         0.17.0~ubuntu-focal                   amd64        Docker scan cli plugin.
ii  python3-docker                             4.1.0-1                               all          Python 3 wrapper to access docker.io's control socket
ii  python3-dockerpty                          0.4.1-2                               all          Pseudo-tty handler for docker Python client (Python 3.x)

snap list docker output:

Name    Version   Rev   Tracking       Publisher   Notes
docker  20.10.14  1779  latest/stable  canonical✓  -

That’s what I though: two docker engines.

I highly recommend to remove the snap package. I have no idea about the required command to delete it, but I am sure a short google search will help.

After uinstalling the snap version, you will always have to prefix the docker command with sudo, unless you add your user in the “docker” group (and perform a relogin after that), see: Post-installation steps for Linux | Docker Documentation

Just because that search may not reveal that snap remove docker would save the package to the cache, if you want to have more space, you can run snap remove --purge docker

But before removing it, I would make sure that the containers ran by snap can be deleted as well. I am not sure which list was the result of snap.

1 Like

Okay, I’ll try it. Thank you.
Just one note: The first time I ran snap list docker I go error: no matching snaps installed, then I ran ‘snap install docker’ and the output in the previous message.

Even with this information, does it still means that there are two docker engines? I mean, only judging by the dpkg -l |grep docker output.

Thank you for the info :slightly_smiling_face:

Next time, please just say what the output is, without installing it :smiley: So snap is not what you are looking for.

1 Like

Why would you install docker if it’s not installed?! Knowing it wasn’t installed before makes less sense now.

I leave it to @rimelek, as it’s bedtime for me now.

I’d say it’s time to compare the output of docker info on both installations.

It was installed, but I installed it using apt.

I read your comment too fast, didn’t realize you asked me for the output at the first time :smiling_face_with_tear:

After this, my guess is that it is rootless docker which is installed as well. It means root probably uses the original docker daemon, and your user uses a rootless one, which means the containers running in that mode will use user namespace so they will not use the actual root user in the container. Try this command:

docker context ls

If you run rootless docker, you will see it as active in the context list.

this is the output I got:

NAME              DESCRIPTION                               DOCKER ENDPOINT                                   KUBERNETES ENDPOINT   ORCHESTRATOR
default           Current DOCKER_HOST based configuration   unix:///var/run/docker.sock                                             swarm
desktop-linux *                                             unix:///home/arthur/.docker/desktop/docker.sock                         

will I fix it if I remove one of the contexts?

Well, almost… except it shows that you have Docker Desktop which is also an other context. I didn’t notice desktop when you shared the list of packages. Switch to the default context and see what happens:

docker context use default

Don’t remove the contexts! If you don’t need docker desktop, remove that. If you don’t need Docker CE, remove that. Of course, before that, check which daemon runs what. And the way you can check it is switching between contexts. “default” is probably Docker CE. desktop-linux is the desktop.

I think this will fix my problem. But now I’m getting Cannot connect to the Docker daemon at unix:///home/arthur/.docker/desktop/docker.sock. Is the docker daemon running?

This problem used to be fixed when I executed docker-desktop, but as I changed context right now, opening docker-desktop not solving and neither running docker service (re)start.

Anyways, I try to find a fix for this other problem.

I really appreciate your help :slightly_smiling_face:

What will fix that? Changing contexts or removing docker desktop? If you changed to context it should not show the desktop socket in the error message, so it looks like you still use the desktop context.

I think changing context might fix it. But right now I’m stuck with this error Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?, nothing I tried seems to fix it.
I’ll leave it for tomorrow.

Thank you bro

As it is late for me too, I will not test the error message and I don’t remember if it should be “permission denied” instead of the one that you got, but it could be because

1 Like