Hi,
I want to set up Ubuntu Core with Docker. There seems to be an access right issue. I would expect that hundreds of people had the same problem, but I did not find related threads. Most things go back to Ubuntu Core 16, and they seem not to work.
If I run docker info with the system user (assume it is NN), it fails.
NN@ubuntu:~$ docker info
Client:
Debug Mode: false
Server:
ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/info: dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info
If I run the same with root, it succeeds.
NN@ubuntu:~$ sudo docker info
Client:
Debug Mode: false
Server:
Containers: 0
...
If I look at the socket, the user root and the group docker can access it.
NN@ubuntu:~$ ls -l /var/run/docker.sock
srw-rw---- 1 root docker 0 Sep 28 06:51 /var/run/docker.sock
Adding the system user NN to the group docker seems straightforward. But adduser and similar commands fail, because /etc/group is on the read-only partition of core20. But it would already contain the group docker.
NN@ubuntu:~$ cat /etc/group | grep docker
docker:x:113:
Following the related post https://forum.snapcraft.io/t/how-to-add-extra-user-to-group/, it looks like I should maintain /var/lib/extrausers/group manually. But the group already exists in /etc/group. I still add the same group to the extrausers database.
NN@ubuntu:~$ cat /var/lib/extrausers/group
NN:x:1000:
docker:x:113:NN
No luck though.
It might be that I should create a new group just in the extrausers database. But that seems – err – not as intended.
What is the right way to get docker client running without privileged access? Where did I take the wrong turn?
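The checks from this post as a small diagnostic, added here as an example and not part of the original post: it combines the socket's mode bits with group membership read from both group files, and separates "not configured" from "configured but not held by the running session". The file contents are constructed from the output quoted above; NN's UID of 1000, the session's group set, and treating membership as the union across both files are assumptions.

```python
import stat

# Constructed sample data mirroring the two group files quoted in the post.
ETC_GROUP = "root:x:0:\ndocker:x:113:\n"
EXTRAUSERS_GROUP = "NN:x:1000:\ndocker:x:113:NN\n"
SOCK_MODE, SOCK_UID, SOCK_GID = 0o660, 0, 113  # srw-rw---- root docker


def member_gids(user, *databases):
    """GIDs whose member list names `user` in any of the given group files."""
    gids = set()
    for text in databases:
        for line in text.splitlines():
            fields = line.strip().split(":")
            if len(fields) != 4 or not fields[2].isdigit():
                continue  # skip blank or malformed entries
            if user in fields[3].split(","):
                gids.add(int(fields[2]))
    return gids


def may_connect(mode, owner_uid, owner_gid, uid, gids):
    """connect() on a Unix socket needs write permission on the socket file."""
    if uid == 0:
        return True  # root bypasses the mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def diagnose(user, uid, session_gids, *databases):
    """Compare the groups a running session holds with the configured ones."""
    if may_connect(SOCK_MODE, SOCK_UID, SOCK_GID, uid, session_gids):
        return "session can connect"
    configured = member_gids(user, *databases)
    if may_connect(SOCK_MODE, SOCK_UID, SOCK_GID, uid, configured):
        return "membership configured but absent from this session"
    return "membership not configured"


if __name__ == "__main__":
    # Assumed: NN has UID 1000 and a session holding only its primary group.
    print(diagnose("NN", 1000, {1000}, ETC_GROUP))
    print(diagnose("NN", 1000, {1000}, ETC_GROUP, EXTRAUSERS_GROUP))
    print(diagnose("NN", 1000, {1000, 113}, ETC_GROUP, EXTRAUSERS_GROUP))
```

On a live system the session's group set is what `id -G` prints in that shell, and it is fixed when the session starts.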