
gpasswd -a $USER docker vs usermod -aG docker $USER.


Hongyi Zhao

Aug 22, 2020, 10:43:30 PM
Hi,

On the following webpage: https://github.com/ApolloAuto/apollo/blob/master/docs/specs/D-kit/Waypoint_Following/Apollo_Installation_cn.md#%E8%AE%BE%E7%BD%AEapollo%E7%BC%96%E8%AF%91%E7%8E%AF%E5%A2%83, it says the following:


sudo gpasswd -a $USER docker
sudo usermod -aG docker $USER


But I really can't figure out the differences between these two commands. Based on the man pages for the above two commands, it seems both of them add the $USER to the docker group. So, I still don't know why they run these two commands at the same time instead of only running one of them for the job.

Any hints for this problem?

Best regards,
HY

David W. Hodgins

Aug 22, 2020, 11:21:02 PM
I suspect you've missed this part from man "usermod" ...

"Any file from the user's home directory owned by the previous primary group of
the user will be owned by this new group."

So the first command creates the docker group, the second changes all files and
directories in the user's home directory, that previously had that user's primary
group (normally the same as $USER in Mageia) to be owned by the group docker.

I would not follow the instruction from that page to run the command
sudo chmod 777 /var/run/docker.sock
which would make that file world writable. The socket file should be handled
by the Mageia package properly already.

Just install docker from the Mageia repositories which will create the group
docker, then use userdrake to add your id to the docker group.

I haven't used docker myself, but other than starting the docker service, that
should be all that's needed to get docker started.

Regards, Dave Hodgins

--
Change dwho...@nomail.afraid.org to davidw...@teksavvy.com for
email replies.

Hongyi Zhao

Aug 23, 2020, 10:15:30 AM
On Sunday, August 23, 2020 at 11:21:02 AM UTC+8, David W. Hodgins wrote:
> On Sat, 22 Aug 2020 22:43:26 -0400, Hongyi Zhao <hongy...@gmail.com> wrote:
> > On the following webpage: https://github.com/ApolloAuto/apollo/blob/master/docs/specs/D-kit/Waypoint_Following/Apollo_Installation_cn.md#%E8%AE%BE%E7%BD%AEapollo%E7%BC%96%E8%AF%91%E7%8E%AF%E5%A2%83, it says the following:
> > sudo gpasswd -a $USER docker
> > sudo usermod -aG docker $USER
> > But I really can't figure out the differences between these two commands. Based on the man pages for the above two commands, it seems both of them add the $USER to the docker group. So, I still don't know why they run these two commands at the same time instead of only running one of them for the job.
>
> I suspect you've missed this part from man "usermod" ...
>
> "Any file from the user's home directory owned by the previous primary group of
> the user will be owned by this new group."
>
> So the first command creates the docker group, the second changes all files and
> directories in the user's home directory, that previously had that user's primary
> group (normally the same as $USER in Mageia) to be owned by the group docker.
>
> I would not follow the instruction from that page to run the command
> sudo chmod 777 /var/run/docker.sock

It seems they want to run docker with normal users. See my tests below:


werner@X10DAi-01:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
werner@X10DAi-01:~$ sudo chmod 777 /var/run/docker.sock
werner@X10DAi-01:~$ docker run hello-world

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
$ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
https://hub.docker.com/

For more examples and ideas, visit:
https://docs.docker.com/get-started/


Based on my tries, it seems the least permission on the unix socket is 766 so that all users can run docker command. I'm not sure whether this is the reason.

Best regards,
HY

David W. Hodgins

Aug 23, 2020, 11:01:55 AM
On Sun, 23 Aug 2020 10:15:26 -0400, Hongyi Zhao <hongy...@gmail.com> wrote:
> It seems they want to run docker with normal users. See my tests below:

Is the socket group writeable by the docker group? If so, add the user to the
docker group. Log out and back in for the change to the group to take effect.
There is no reason to make it world writeable.
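
An added example, not part of any post in this thread: a shell check for the questions raised in the last message (is the socket group-writable, is the user in that group, has the session picked the group up yet, is the socket world-writable). It assumes Linux with GNU stat and id; the function names are made up for this example.

```shell
#!/bin/sh
# Added example (not from the thread). Assumes Linux and GNU stat/id.
# Connecting to a Unix socket requires write permission on the socket file.

in_list() { case " $2 " in *" $1 "*) return 0 ;; *) return 1 ;; esac; }

# world_writable MODE: true if the "other" write bit is set (666, 766, 777 ...)
world_writable() { [ $(( 0$1 & 0002 )) -ne 0 ]; }

# connect_class MODE OWNER GROUP USER "GROUP LIST"
# Prints which permission class lets USER connect: owner, group, other or denied.
# The kernel checks exactly one class: owner first, then group, then other.
# (root bypasses these checks and is not modelled here.)
connect_class() {
    m=$(( 0$1 ))
    if [ "$4" = "$2" ]; then class=owner; bit=$(( m & 0200 ))
    elif in_list "$3" "$5"; then class=group; bit=$(( m & 0020 ))
    else class=other; bit=$(( m & 0002 ))
    fi
    if [ "$bit" -ne 0 ]; then echo "$class"; else echo denied; fi
}

# audit_socket [PATH]: report on a live socket for the invoking user.
audit_socket() {
    sock=${1:-/var/run/docker.sock}
    [ -S "$sock" ] || { echo "$sock: not a socket"; return 2; }
    set -- $(stat -c '%a %U %G' "$sock")
    user=$(id -un)
    echo "$sock mode=$1 owner=$2 group=$3"
    if world_writable "$1"; then
        echo "WARNING: world-writable, every local account can reach the daemon"
    fi
    # 'id -Gn' shows this session's groups; 'id -Gn USER' reads the group
    # database, i.e. what a fresh login would get after gpasswd/usermod.
    echo "this session:    $(connect_class "$1" "$2" "$3" "$user" "$(id -Gn)")"
    echo "after new login: $(connect_class "$1" "$2" "$3" "$user" "$(id -Gn "$user")")"
}

if [ -S /var/run/docker.sock ]; then audit_socket; fi
```

If "this session" prints denied while "after new login" prints group, the group change is in place and only a fresh login is missing.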