[Ubuntu] Settings and precautions for running docker without the sudo command

2019/10/3

A note on how to enable docker without sudo when using docker on Ubuntu.

Trigger

After installing docker, I checked whether it worked as-is, without the sudo command, and an error occurred.

# Run from the Ubuntu terminal
docker run hello-world

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.39/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

It seems that access to the docker daemon has been denied. I typed sudo docker run hello-world and it worked.

The cause of the error seems to be as follows.

Docker communicates with a daemon (dockerd) running with root privileges via a unix socket or TCP/IP, but you need to belong to the docker group or have root privileges to access dockerd.

Understand the dangers of adding users to a docker group with Docker

By prefixing a command with sudo, ordinary users can run commands that cannot be executed without root privileges (such as connecting to the daemon). But adding sudo every time is tedious.

Countermeasures and precautions

One way to run without sudo is to add the user to the docker group (this is what usually comes up when you google it), but this also seems to carry a security issue.

Reference: Risk when granting root-like privileges in docker group (official document)

If you want to use docker without sudo, it is said to be better to use newgrp to belong to the group temporarily, or to use user namespaces.

sudo groupadd docker
# $USER is the user name
sudo usermod -aG docker $USER
newgrp docker
docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:

1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the “hello-world” image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/
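
Because docker group membership gives root-like privileges, as noted above, it is worth checking who holds it after running usermod. The script below is an added example, not part of the original article: it lists both supplementary and primary-group members of the docker group from group and passwd files. The helper names (docker_group_users, socket_world_writable, write_sample) and the sample users and GIDs are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original article): list every account that can
# reach the Docker socket through the docker group, i.e. is root-equivalent.

# docker_group_users GROUP_FILE PASSWD_FILE [GROUP]
# Prints users who are supplementary members of GROUP (group file, field 4)
# or have it as their primary group (passwd file, field 4), sorted, unique.
docker_group_users() {
    awk -F: -v g="${3:-docker}" '
        FILENAME == ARGV[1] {                 # group database
            if ($1 == g) {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        gid != "" && $4 == gid { print $1 }   # passwd database
    ' "$1" "$2" | sort -u
}

# socket_world_writable MODE
# Succeeds if the octal MODE (from: stat -c %a /var/run/docker.sock) lets
# "other" write; connecting to a unix socket requires write permission.
socket_world_writable() {
    case $1 in
        *[2367]) return 0 ;;
        *)       return 1 ;;
    esac
}

# Constructed sample databases (hypothetical users) so the example runs offline.
write_sample() {
    printf '%s\n' 'root:x:0:' 'sudo:x:27:alice' 'docker:x:998:alice,bob' \
        'dev:x:1001:carol' > "$1/group"
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
        'alice:x:1000:1000::/home/alice:/bin/bash' \
        'bob:x:1002:1002::/home/bob:/bin/bash' \
        'carol:x:1003:1001::/home/carol:/bin/bash' \
        'ci:x:1004:998::/home/ci:/bin/sh' > "$1/passwd"
}

sample_dir=$(mktemp -d)
write_sample "$sample_dir"
echo "Accounts with docker-group access (root-equivalent):"
docker_group_users "$sample_dir/group" "$sample_dir/passwd"
socket_world_writable 660 || echo "mode 660: socket limited to owner and group"
rm -rf "$sample_dir"
```

On a real host, call docker_group_users /etc/group /etc/passwd; the sample account ci shows why the primary-group check matters, since it never appears in the docker line of the group file.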