非root用戶沒有權限運行docker命令

問題描述

[yuy@localhost ~]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.26/containers/json: dial unix /var/run/docker.sock: connect: permission denied

問題分析

Manage Docker as a non-root user

The docker daemon binds to a Unix socket instead of a TCP port. By
default that Unix socket is owned by the user root and other users can
only access it using sudo. The docker daemon always runs as the root
user.

If you don’t want to use sudo when you use the docker command, create
a Unix group called docker and add users to it. When the docker daemon
starts, it makes the ownership of the Unix socket read/writable by the
docker group.

解決辦法

# 添加docker用户组
[yuy@localhost ~]$ sudo groupadd docker

# 将登陆用户加入到docker用户组中
[yuy@localhost ~]$ sudo gpasswd -a $USER docker

# 更新用户组
[yuy@localhost ~]$ sudo newgrp docker

# 重啓 docker 服務
[yuy@localhost ~]$ sudo systemctl restart docker.service

# 授權 docker.sock 
[yuy@localhost ~]$ sudo chmod a+rw /var/run/docker.sock

批量新增用戶至docker用戶組脚本

#!/bin/bash
#author by Michael Ho

# 用戶列表
user_array=(
    zhouj
    zhangmy
    caimz
    yuy
)

# 新增用戶到docker群組中
add_user() {

    if [[ $EUID -ne 0 ]]; then
        echo -ne "\033[31mThis scripts must be run as root ..\033[0m"
        exit 1
    fi

    groupadd docker

    for i in ${user_array[*]}; do
        gpasswd -a $i docker
        echo -ne "\033[32m 已將 $i 加入到 docker 用戶組! \033[0m"
    done

    newgrp docker
}

# main函式
main() {
    add_user

    # 重啓 docker 服務
    systemctl restart docker.service

    # 授權 docker.sock 
    chmod a+rw /var/run/docker.sock
}

# 程式入口
main