Docker client without root / add system user to group docker


I want to set up Ubuntu Core with Docker. There seems to be an access rights issue. I would expect that hundreds of people have had the same problem, but I did not find related threads. Most things go back to Ubuntu Core 16, and they seem not to work.

If I run docker info with the system user (assume it is NN), it fails.

NN@ubuntu:~$ docker info
 Debug Mode: false

ERROR: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/info: dial unix /var/run/docker.sock: connect: permission denied
errors pretty printing info

If I run the same with root, it succeeds.

NN@ubuntu:~$ sudo docker info
 Debug Mode: false

 Containers: 0

If I look at the socket, the user root and the group docker can access it.

NN@ubuntu:~$ ls -l /var/run/docker.sock 
srw-rw---- 1 root docker 0 Sep 28 06:51 /var/run/docker.sock

Adding the system user NN to the group docker seems straightforward. But adduser and similar commands fail, because /etc/group is on the read-only partition of core20. But it would already contain the group docker.

NN@ubuntu:~$ cat /etc/group | grep docker

Following the related post, it looks like I should maintain /var/lib/extrausers/group manually. But the group already exists in /etc/group. I still add the same group to the extrausers database.

NN@ubuntu:~$ cat /var/lib/extrausers/group 

No luck though.

It might be that I should create a new group just in the extrausers database. But that seems – err – not as intended.

What is the right way to get docker client running without privileged access? Where did I take the wrong turn?
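A diagnostic for the permission check behind the `ls -l` output above, added here as an example and not part of the original post: it classifies why a user can or cannot connect to a socket, separating "not in the group database" from "in the database, but the current login session does not carry the group yet". The function names and verdict strings are made up for this example; `diagnose` assumes GNU `stat` and `getent` are available.

```shell
#!/bin/sh
# Added example, not from the thread. Names and verdict strings are hypothetical.

# has_word LIST WORD: succeeds if WORD is one of the space-separated items in LIST.
has_word() {
    case " $1 " in *" $2 "*) return 0 ;; esac
    return 1
}

# socket_access MODE OWNER GROUP USER SESSION_GROUPS DB_MEMBERS
# MODE is octal as printed by `stat -c %a`. Prints a one-word verdict.
socket_access() {
    mode=$1 owner=$2 group=$3 user=$4 session=$5 members=$6
    bits=$((0$mode))
    # root bypasses the file mode check.
    if [ "$user" = root ]; then echo allowed; return; fi
    # connect() on a Unix socket needs write permission on the socket file.
    # Exactly one permission class applies: owner, then group, then other.
    if [ "$user" = "$owner" ]; then
        w=$((bits & 0200)); class=owner
    elif has_word "$session" "$group"; then
        w=$((bits & 0020)); class=group
    else
        w=$((bits & 0002)); class=other
    fi
    if [ "$w" -ne 0 ]; then
        echo allowed
    elif [ "$class" = other ] && [ $((bits & 0020)) -ne 0 ]; then
        # The group class would grant access, but this session is not in it.
        if has_word "$members" "$user"; then
            echo denied-stale-session   # listed in the database: log in again
        else
            echo denied-not-member      # not listed in any group database
        fi
    else
        echo denied-mode                # the class that applies has no write bit
    fi
}

# diagnose [SOCKET]: run the check for the current user on the live system.
diagnose() {
    sock=${1:-/var/run/docker.sock}
    info=$(stat -c '%a %U %G' "$sock") || return 1
    set -- $info
    members=$(getent group "$3" | cut -d: -f4 | tr ',' ' ')
    socket_access "$1" "$2" "$3" "$(id -un)" "$(id -Gn)" "$members"
}

if [ $# -gt 0 ]; then diagnose "$@"; fi
```

Run it as `sh check.sh /var/run/docker.sock`. Write access to this socket lets a user drive the Docker daemon, which runs as root, so an `allowed` verdict for an account is effectively root-equivalent access.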


Thanks Oliver, that’s it. I will follow this thread and the links there.