overexchange

Reputation: 1

Can docker group be added after installing docker?

From the below code snippet, taken from here,

# Create Docker Group with GID
# Set default value of 497 if DOCKER_GID set to blank string by Docker Compose
RUN groupadd -g ${DOCKER_GID:-497} docker

# Used to control Docker and Docker Compose versions installed
# NOTE: As of February 2016, AWS Linux ECS only supports Docker 1.9.1
ARG DOCKER_ENGINE=1.10.2
ARG DOCKER_COMPOSE=1.6.2

# ......

# Install Docker Engine
RUN apt-key adv --keyserver hkp://pgp.mit.edu:80 --recv-keys 58118E89F3A912897C070ADBF76221572C52609D && \
    echo "deb https://apt.dockerproject.org/repo ubuntu-trusty main" | tee /etc/apt/sources.list.d/docker.list && \
    apt-get update -y && \
    apt-get purge lxc-docker* -y && \
    apt-get install docker-engine=${DOCKER_ENGINE:-1.10.2}-0~trusty -y && \
    usermod -aG docker jenkins && \
    usermod -aG users jenkins

docker group is explicitly created before docker engine is installed.

1) Does docker engine installation not create docker group?

2) Why can't we run groupadd after installing docker?

Upvotes: 1

Views: 1550

Answers (2)

ofirule

Reputation: 4679

Containers don't have the same users and groups as in the host machine. This is part of the information the container isolates from its running environment.

The way to map users and groups from the host machine to the container is by creating them inside the image with the same uid/gid (see explanation).

In this particular image we want the jenkins user (created only on the docker image) to be part of the docker group (on the host machine). This will allow jenkins tasks (run by the jenkins user) to run docker commands without sudo. docker docs explanation.

Upvotes: 1

Zeitounator

Reputation: 44799

Docker package creates the docker group on installation. Meanwhile, this is created with default values (which I did not take time to check, but my two ubuntu machines are running with a gid of 999).

In your above example, the group is created before installing the package with a default gid of 497 that can be customized (by setting DOCKER_GID in the docker environment). And there is a comment on your original link saying:

Set to 497 by default, which is the group ID used by AWS Linux ECS Instance

What you are building here is some sort of dind (docker in docker). The goal is to make sure that docker guid on the host is the same as the guid in the dind instance so that they can share files on mounted volumes (e.g. control sockets to launch other docker containers directly on the host generally...).

If you don't create the group beforehand, you cannot run groupadd afterwards because the group already exists.

You could run groupmod though on the existing group but I don't like to mess with [g|u]ids. Creating the system user/group with your exact requirements prior to installing your package is usually the safest way to go.

Upvotes: 2
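
The check behind both answers, as an added example that is not part of the question, either answer, or the linked project: given the GID wanted for the docker group, it reads an /etc/group-format file and reports whether groupadd would succeed, whether the group already exists with another GID (the state a package install with defaults leaves behind), or whether the GID belongs to another group. The function names, the result strings and the sample group file are assumptions made for this example; socket_gid relies on GNU stat.

```shell
#!/bin/sh
# Added example (hypothetical helper names, not from the original Dockerfile).

# socket_gid [SOCKET]: numeric GID that owns the Docker control socket.
# Run on the host to learn which DOCKER_GID the image must use. GNU stat only.
socket_gid() {
    stat -c %g "${1:-/var/run/docker.sock}"
}

# plan_docker_group WANT_GID [GROUP_FILE] [GROUP_NAME]
# Prints one of:
#   ok              group already exists with WANT_GID
#   create          group absent and GID free: "groupadd -g WANT_GID docker" works
#   mismatch:<gid>  group exists with another GID: groupadd fails, groupmod needed
#   taken:<name>    WANT_GID already belongs to another group
plan_docker_group() {
    want_gid=$1
    group_file=${2:-/etc/group}
    group_name=${3:-docker}
    awk -F: -v want="$want_gid" -v name="$group_name" '
        $1 == name               { have = $3 }   # GID the group has now
        $3 == want && $1 != name { owner = $1 }  # someone else holds the GID
        END {
            if (have != "" && have == want) print "ok"
            else if (owner != "")           print "taken:" owner
            else if (have != "")            print "mismatch:" have
            else                            print "create"
        }' "$group_file"
}

# Constructed sample: a group file after the Docker package created the
# "docker" group itself with GID 999, while the image wants 497.
demo() {
    sample=$(mktemp)
    printf 'root:x:0:\nusers:x:100:\ndocker:x:999:\n' > "$sample"
    plan_docker_group 497 "$sample"
    rm -f "$sample"
}
```

In a Dockerfile, running the equivalent of plan_docker_group before the package install yields create, which is why the original snippet places groupadd first.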
