Ubuntu-core 16.04 RPi 3 B+ Read-only file system

I created an Ubuntu-core Raspberry Pi 3 B+ image using the example shown on https://docs.ubuntu.com/core/en/guides/build-device/image-building

It was straight forward and easy to implement. Apparently the file system is read-only.

sudo usermod -aG docker $USER
usermod: /etc/group.1763: Read-only file system
usermod: cannot lock /etc/group; try again later.

Did I mess up or is that normal?

Can I have my file system read-write?


This is normal, yes, Core is focused on appliances, there is a way to use adduser with the --extrausers option to add a group, but you wouldnt be able to do that automated or from a snap easily.

the initial (development) user that you create with the initial setup tool (console-conf) has passwordless sudo access though, the docker snap should work fine with either.

Not to me:

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See ‘docker run --help’.

you mean it doesnt work with either sudo or as root ?

the initial (development) user that you create with the initial setup tool (console-conf) has passwordless sudo access though, the docker snap should work fine with either.

If I execute without sudo, with the user you mention, I obtain the log I attached which reflects it really need sudo to use docker. And , by design, Ubuntu Core doesn’t let my used be added to docker group. I am really lost.

yes, you need sudo or be root (i.e. if you use the docker snap from another snap it needs to run as daemon (which automatically runs as root)). the pre-created user can use sudo without any password though …

But if I have scripts full of docker commands, do I have to modify all scripts I have adding sudo everywhere? Ok, the defense against that is, you can use sudo su,isn’t it? but my scripts are full of $USER references too. Do I modify my scripts or is there
any turnaround for this problem?

you could try to (very carefully) hack the files in /var/lib/extrausers … with luck they override whats in /etc (i wouldnt fully rely on this though, it is not an advertised feature of the extrausers lib, even if it works)

The issue with the docker snap is known and unfortunately not easily solvable. As @ogra points out, the definition of the docker group is in the read-only /etc/group, while in order to enable users to be added to this group, the definition of the group would need to be in /var/lib/extrausers/group which is writable.

On top of this issue, we have the problem that the docker snap recently dropped some patches that were used to read the group definition from /var/lib/extrausers/group and instead relies on using getent … which also unfortunately doesn’t understand /var/lib/extrausers/group.

So we have the following problems:

  1. there is no docker group definition in /var/lib/extrausers/group
  2. docker snap uses getent which does not read from /var/lib/extrausers/group

I am hoping to be able to solve 1 for UC20 which is due to be released soon (see github issue), and 2 still needs some discussion but has a bug filed here. The solution to 1 may be backportable to UC16 and UC18, not currently clear on that yet

1 Like

Ok, I see I can modify extrausers/group being root. But as you say, nothing changes even after restart.