Harsh

Reputation: 326

Why does adding a user to the docker user group allow docker to be run as non-root?

Docker needs root permissions to run. This guide gives instructions about managing docker as a non-root user; it essentially adds the user to the docker user group, after which I'm able to run docker commands without sudo. Can someone explain why this works?

Upvotes: 2

Views: 899

Answers (1)

sauerburger

Reputation: 5148

You have to distinguish between the docker command line tool docker and the background daemon dockerd. The daemon runs as root and is responsible for running containers. The command line tool docker gives the daemon instructions on what to do. This communication is done via the unix socket /var/run/docker.sock by default. An ls -l yields

srw-rw---- 1 root docker 0 Aug 20 11:22 /var/run/docker.sock

You can see that a user who belongs to the group docker is able to write to the socket and thus is able to give the daemon instructions which can be executed with root permission.

You can also configure the daemon to listen on a network port instead. Similarly you can tell the command line tool to use a remote docker daemon via the environment variable DOCKER_HOST. By doing this you can give instructions to docker daemons on remote hosts.


There is another point one should mention. When you add a user to a group using sudo, and then execute other commands with sudo, usually sudo will not prompt again for your password, because it is cached for some time.

Upvotes: 2
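
As an added example (not part of the original answer): a short Python audit that applies the owner/group/other check behind the ls -l line above and lists which local accounts can write to the daemon socket. It assumes the default socket path and plain mode bits without ACLs; the function names are illustrative.

```python
import grp
import os
import pwd
import stat

SOCKET_PATH = "/var/run/docker.sock"  # default path named in the answer


def can_write(mode, owner_uid, owner_gid, uid, gids):
    """Classic Unix write check: exactly one of owner/group/other applies."""
    if uid == 0:
        return True  # root is not restricted by mode bits
    if uid == owner_uid:
        return bool(mode & stat.S_IWUSR)
    if owner_gid in gids:
        return bool(mode & stat.S_IWGRP)
    return bool(mode & stat.S_IWOTH)


def audit_socket(path=SOCKET_PATH):
    """Return (findings, accounts able to write to the socket at `path`)."""
    st = os.stat(path)
    findings = []
    if not stat.S_ISSOCK(st.st_mode):
        findings.append("not a unix socket")
    if st.st_mode & stat.S_IWOTH:
        findings.append("world-writable: any local user can instruct the daemon")
    # Supplementary group membership, keyed by account name.
    extra = {}
    for g in grp.getgrall():
        for name in g.gr_mem:
            extra.setdefault(name, set()).add(g.gr_gid)
    accounts = set()
    for pw in pwd.getpwall():
        gids = {pw.pw_gid} | extra.get(pw.pw_name, set())
        if can_write(st.st_mode, st.st_uid, st.st_gid, pw.pw_uid, gids):
            accounts.add(pw.pw_name)
    return findings, sorted(accounts)


if __name__ == "__main__":
    if os.path.exists(SOCKET_PATH):
        findings, accounts = audit_socket()
        print("findings:", findings or "none")
        print("can instruct dockerd:", ", ".join(accounts))
    else:
        print(SOCKET_PATH, "not present on this host")
```

Every account it lists should be reviewed as if it had sudo rights, since writing to the socket means giving instructions to a daemon that runs as root.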
