New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Using docker requires sudo #1

Open
fginther opened this Issue Apr 18, 2017 · 6 comments

Comments

Projects
None yet
7 participants
@fginther

fginther commented Apr 18, 2017

Using docker as installed by the docker snap requires sudo. My expectation is that normal users could use docker without needing sudo. This is the case for both the stable and edge versions of the docker snap.

Here's what I found while using the docker snap from --edge:

fginther@docker-snap-test:~$ sudo snap install --edge docker
docker (edge) 1.13.1-0 from 'docker-inc' installed
fginther@docker-snap-test:~$ snap list
Name    Version   Rev   Developer   Notes
core    16-2      1577  canonical   -
docker  1.13.1-0  84    docker-inc  -

Running docker commands requires sudo to connect to the daemon socket:

fginther@docker-snap-test:~$ docker version
Client:
 Version:      1.13.1
 API version:  1.26
 Go version:   go1.7.4
 Git commit:   -snap-899f8a8
 Built:        Tue Apr 11 12:44:12 2017
 OS/Arch:      linux/amd64
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/version: dial unix /var/run/docker.sock: connect: permission denied
fginther@docker-snap-test:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
fginther@docker-snap-test:~$ sudo docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
78445dd45222: Pull complete 
Digest: sha256:c5515758d4c5e1e838e9cd307f6c6a0d620b5e07e6f927b07d05f6d12a1ac8d7
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://cloud.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/

Looking at the permissions of the socket indicated in the error message, /var/run/docker.sock:

fginther@docker-snap-test:~$ ls -l /var/run/docker.sock
srw-rw---- 1 root root 0 Apr 18 12:46 /var/run/docker.sock

Changing the permissions on this socket is enough to allow non-sudo use:

fginther@docker-snap-test:~$ sudo chmod 666 /var/run/docker.sock
fginther@docker-snap-test:~$ ls -l /var/run/docker.sock
srw-rw-rw- 1 root root 0 Apr 18 12:46 /var/run/docker.sock
fginther@docker-snap-test:~$ docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://cloud.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/engine/userguide/

@adglkh

This comment has been minimized.

Show comment
Hide comment
@adglkh

adglkh May 12, 2017

Collaborator

Hi fginther
Thanks for your head up.
Actually, there's a discussion around this issue.
https://forum.snapcraft.io/t/snap-declaration-request-for-docker-snap/394/5
I'm assuming you installed and ran the docker snap on Classic. If so, you can setup docker snap by running the following command without sudo
$sudo addgroup --system docker
$sudo adduser $USER docker
$newgrp docker

Also you can run docker.help to learn how to configure it.

But if you're running docker under Ubuntu Core 16. It's another story. As system user/group file(etc/passwd, /etc/group) is read-only on UC16. We need new user/group management interface to solve this problem. As of now, we apply a workaround to make docker running without sudo on UC16. The side effect of this is that it requires manual setup to make dockerd running. From the customer feedback, in practical terms, people really hope everything up to work once installation without configuration by hand.
As discussed internally, we plan to revert back to "run dokcer with root user on UC16" for the time being and fix it in the proper way once the interfaces of snapd is ready.

bab38be

Collaborator

adglkh commented May 12, 2017

Hi fginther
Thanks for your head up.
Actually, there's a discussion around this issue.
https://forum.snapcraft.io/t/snap-declaration-request-for-docker-snap/394/5
I'm assuming you installed and ran the docker snap on Classic. If so, you can setup docker snap by running the following command without sudo
$sudo addgroup --system docker
$sudo adduser $USER docker
$newgrp docker

Also you can run docker.help to learn how to configure it.

But if you're running docker under Ubuntu Core 16. It's another story. As system user/group file(etc/passwd, /etc/group) is read-only on UC16. We need new user/group management interface to solve this problem. As of now, we apply a workaround to make docker running without sudo on UC16. The side effect of this is that it requires manual setup to make dockerd running. From the customer feedback, in practical terms, people really hope everything up to work once installation without configuration by hand.
As discussed internally, we plan to revert back to "run dokcer with root user on UC16" for the time being and fix it in the proper way once the interfaces of snapd is ready.

bab38be

@Hugo-Gomez

This comment has been minimized.

Show comment
Hide comment
@Hugo-Gomez

Hugo-Gomez Sep 20, 2017

I did this :
sudo gpasswd -a $USER docker
And it worked out instantly

Hugo-Gomez commented Sep 20, 2017

I did this :
sudo gpasswd -a $USER docker
And it worked out instantly

@Guard13007

This comment has been minimized.

Show comment
Hide comment
@Guard13007

Guard13007 Jun 26, 2018

I just encountered this error, and as it was explained to me, the issue is that a user needs to be added to the docker group in order to have permission to use it.

I would assume this is still the case and seems like a good method of handling that to me.. but this issue also haven't been commented on in quite a while..

Guard13007 commented Jun 26, 2018

I just encountered this error, and as it was explained to me, the issue is that a user needs to be added to the docker group in order to have permission to use it.

I would assume this is still the case and seems like a good method of handling that to me.. but this issue also haven't been commented on in quite a while..

@ttshaw

This comment has been minimized.

Show comment
Hide comment
@ttshaw

ttshaw Jul 11, 2018

$ sudo adduser $USER docker does not work because the group is "root" not "docker"

$ ls -l /var/run/docker.sock
srw-rw---- 1 root root 0 Jul 11 09:48 /var/run/docker.sock

so it should be $ sudo adduser $USER root

from a non-snap installed machine, the group is "docker"

# ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Jul  3 04:18 /var/run/docker.sock

The correct way is,
according to docker.help you have to run the followings BEFORE sudo snap install docker

$ sudo addgroup --system docker
$ sudo adduser $USER docker
$ newgrp docker

then the group will be "docker"

$ ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Jul 11 10:59 /var/run/docker.sock

ttshaw commented Jul 11, 2018

$ sudo adduser $USER docker does not work because the group is "root" not "docker"

$ ls -l /var/run/docker.sock
srw-rw---- 1 root root 0 Jul 11 09:48 /var/run/docker.sock

so it should be $ sudo adduser $USER root

from a non-snap installed machine, the group is "docker"

# ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Jul  3 04:18 /var/run/docker.sock

The correct way is,
according to docker.help you have to run the followings BEFORE sudo snap install docker

$ sudo addgroup --system docker
$ sudo adduser $USER docker
$ newgrp docker

then the group will be "docker"

$ ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Jul 11 10:59 /var/run/docker.sock
@joekendal

This comment has been minimized.

Show comment
Hide comment
@joekendal

joekendal Aug 18, 2018

@ttshaw Not a good idea to ever run this command though $ sudo adduser $USER root

joekendal commented Aug 18, 2018

@ttshaw Not a good idea to ever run this command though $ sudo adduser $USER root

@objarni

This comment has been minimized.

Show comment
Hide comment
@objarni

objarni Sep 22, 2018

@ttshaw's method worked for me in both Ubuntu 16.04 and 18.04 (Desktop editions) for the snap way of installing docker. The complete step-by-step method is then:

$ sudo addgroup --system docker
$ sudo adduser $USER docker
$ newgrp docker
$ sudo snap install docker

I did not have any need to log out or reboot computer using above steps.

To verify docker was installed correctly:

$ docker run hello-world

objarni commented Sep 22, 2018

@ttshaw's method worked for me in both Ubuntu 16.04 and 18.04 (Desktop editions) for the snap way of installing docker. The complete step-by-step method is then:

$ sudo addgroup --system docker
$ sudo adduser $USER docker
$ newgrp docker
$ sudo snap install docker

I did not have any need to log out or reboot computer using above steps.

To verify docker was installed correctly:

$ docker run hello-world
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment