Home>Article>Operation and Maintenance> Do you need root permissions to use docker?

Do you need root permissions to use docker?

WBOY
WBOY Original
2022-06-27 10:33:45 8197browse

Using docker requires root permissions. Ordinary users without root permissions will not be able to operate docker; if you do not have root permissions, you can use sudo to obtain administrator permissions, run docker commands, or add the current user to the docker user group , then the current user has permission to access the "Unix socket" and can execute docker related commands.

Do you need root permissions to use docker?

The operating environment of this tutorial: linux7.3 system, docker version 19.03, Dell G3 computer.

Do you need root permissions to use docker?

You need root permissions to run docker.

To solve the problem that non-root users do not have permission to run docker commands, the method is as follows:

Method 1:

Use sudo to obtain administrator permissions and run docker command, this method has many limitations when executing docker commands through scripts

Method 2:

When the docker daemon is started, it will be given a name by default Provide read and write permissions for Unix sockets for the docker user group. Therefore, as long as the docker user group is created and the current user is added to the docker user group, the current user will have permission to access the Unix socket and can then execute docker related commands

sudo groupadd docker #添加docker用户组 sudo gpasswd -a $USER docker #将登陆用户加入到docker用户组中 newgrp docker #更新用户组

Extended knowledge:

The docker daemon process has root permissions, that is, the user running the docker daemon process is still root. We need to make the following corrections:

Do you need root permissions to use docker?

That is, we need to install docker under a non-root user and start the docker daemon process. This installation and operation mode is called "RootLess" "model. Can be installed but there are prerequisites: "RootLess" mode was introduced as an experimental feature in Docker Engine v19.03 and is officially available starting with Docker Engine v20.10.

Prerequisites

You need to install newuidmap and newgidmap tools shadow-utils, that is, configuring /etc/subuid and /etc/subuid above requires the support of these two tools. Before installation, use yum list installed shadow-utils to confirm whether it has been installed or comes with the operating system. If it exists, do not install it, but the configuration in the third step is required.

Step one: Add a software package installation source, which contains shadow-utils46-newxidmap

curl -o /etc/yum.repos.d/vbatts-shadow-utils-newxidmap-epel-7.repo https://copr.fedorainfracloud.org/coprs/vbatts/shadow-utils-newxidmap/repo/epel-7/vbatts-shadow-utils-newxidmap-epel-7.repo

Step two: yum install -y shadow-utils46-newxidmap

Step 3: Modify the system parameter user.max_user_namespaces = 28633 in the /etc/sysctl.conf file. After the modification is completed, execute the sysctl --system command to make the parameters take effect.

echo user.max_user_namespaces=28633 >> /etc/sysctl.d/userns.conf; sudo sysctl -p /etc/sysctl.d/userns.conf; echo user.max_user_namespaces=28633 >> /etc/sysctl.d/userns.conf; sudo sysctl -p /etc/sysctl.d/userns.conf;

The default value of this parameter is 0, which means that operating system users are not allowed to have subuid space. After the above operation is completed, use the sysctl --all --pattern user_namespaces command to verify the modification results.

Recommended learning: "docker video tutorial"

The above is the detailed content of Do you need root permissions to use docker?. For more information, please follow other related articles on the PHP Chinese website!

Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn