如何修复“拨号Unix /var/run/docker.sock：连接：权限被拒绝”组权限似乎正确时？ [英] How to fix "dial unix /var/run/docker.sock: connect: permission denied" when group permissions seem correct?

问题描述

在Ubuntu 18.04更新后，我突然遇到了问题：以前我在系统上没有问题地使用过docker，但是突然之间，我没有。据我所知，权限看起来是正确的：

I'm suddenly having issues after an update of Ubuntu 18.04: previously I've used docker without issue on the system, but suddenly I cannot. As far as I can tell, the permissions look correct:

$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
$ ls -last /var/run/docker.sock 
0 srw-rw---- 1 root docker 0 Jul 14 09:10 /var/run/docker.sock
$ whoami
brandon
$ cat /etc/group | grep docker
docker:x:995:brandon
nvidia-docker:x:994:

编辑：

组信息：

$ groups
brandon
$ groups brandon
brandon : brandon adm cdrom sudo dip plugdev games lpadmin sambashare docker
$ whoami
brandon

更新

我将系统从17.04升级到18.04的原始帖子，我已经完成了从16.04到18.04的两次升级，以后的系统都没有问题。因此，这可能与从17.04到18.04的升级过程有关。我尚未执行全新的18.04安装。

Since the original post where I upgraded a system from 17.04 to 18.04, I've done two upgrades from 16.04 to 18.04, and neither of the later systems had the issue. So it might be something to do with the 17.04 to 18.04 upgrade process. I've yet to perform a fresh 18.04 installation.

推荐答案

sudo setfacl --modify user:<user name or ID>:rw /var/run/docker.sock

不需要重新启动，并且比usermod或chown更安全。

It doesn't require a restart and is more secure than usermod or chown.

@mirekphd指出，当用户 name 时，需要用户ID >仅存在于容器内部，而不存在于主机上。

as @mirekphd pointed out, the user ID is required when the user name only exists inside the container, but not on the host.

这篇关于如何修复“拨号Unix /var/run/docker.sock：连接：权限被拒绝”组权限似乎正确时？的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！