Accessing docker on a tcp port for non-root users

Well, it seems that running docker for non-root users is trivial. You can just add your user to the docker group, as described below:

https://docs.docker.com/engine/installation/linux/linux-postinstall/#manage-docker-as-a-non-root-user

However, it might not be the best idea, as there are security implications:

https://docs.docker.com/engine/security/security/#docker-daemon-attack-surface

In the default docker installation, dockerd listens on a Unix socket, /var/run/docker.sock, which in some Linux distros like CentOS and RHEL can only be accessed by the root user or users in the sudo group. This becomes an issue, for example, when we try to run docker through a Maven plugin.

The solution is to enable the docker daemon to listen on a tcp socket. This can be done by:

Edit the below line as shown:

ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://localhost:2375

This tells the docker daemon to listen on port 2375 for TCP connections. Next, reload the configuration and restart dockerd:

To test whether it is working, do:

Now, you should be able to run docker as a non-root user, if you do:

Better still, you can define the below variable:

export DOCKER_HOST=tcp://localhost:2375

With that, the below command should work fine:

Note that now, we can run the below Maven plugin without any issue:

https://github.com/spotify/dockerfile-maven
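A TCP listener started without --tlsverify does not authenticate its clients, so the ExecStart line above gives every local user and process the same control over the daemon as the Unix socket gives root. The script below is an added example, not part of the original post: it audits the -H values on a dockerd command line and flags unauthenticated TCP listeners. The function name audit_execstart and its exit codes are this example's own, and it assumes TLS options are given on the command line rather than in daemon.json.

```shell
#!/bin/sh
# Added example (not from the original post): audit dockerd -H listeners.
# Exit status: 0 = nothing flagged, 1 = unauthenticated loopback TCP,
# 2 = unauthenticated TCP reachable from other hosts.
audit_execstart() {
    ae_tls=no; ae_hosts=""; ae_next=no; ae_rc=0
    set -f                                  # no globbing while word-splitting
    for ae_w in $1; do
        if [ "$ae_next" = yes ]; then
            ae_hosts="$ae_hosts $ae_w"; ae_next=no; continue
        fi
        case $ae_w in
            -H|--host)        ae_next=yes ;;
            -H=*|--host=*)    ae_hosts="$ae_hosts ${ae_w#*=}" ;;
            --tlsverify|--tlsverify=true) ae_tls=yes ;;
        esac
    done
    for ae_h in $ae_hosts; do
        case $ae_h in
            unix://*|fd://*)
                echo "OK   $ae_h: local socket, file permissions apply" ;;
            tcp://*)
                ae_addr=${ae_h#tcp://}
                case $ae_addr in            # drop the port, keep [v6] intact
                    *]) ;;
                    *:*) ae_addr=${ae_addr%:*} ;;
                esac
                if [ "$ae_tls" = yes ]; then
                    echo "OK   $ae_h: client certificates required (--tlsverify)"
                else
                    case $ae_addr in
                        localhost|127.*|"[::1]")
                            echo "WARN $ae_h: no authentication, any local user or process gets full daemon control"
                            [ "$ae_rc" -lt 1 ] && ae_rc=1 ;;
                        *)
                            echo "FAIL $ae_h: no authentication and reachable from other hosts"
                            ae_rc=2 ;;
                    esac
                fi ;;
            *)  echo "INFO $ae_h: not classified" ;;
        esac
    done
    set +f
    return "$ae_rc"
}

# The ExecStart line from this post (constructed sample input).
audit_execstart "ExecStart=/usr/bin/dockerd -H unix:///var/run/docker.sock -H tcp://localhost:2375" \
    || echo "exit status: $?"
```

For the line used in this post the script reports the Unix socket as OK and tcp://localhost:2375 as WARN, with exit status 1.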

