Add non-root user to the docker group for non-root Docker access #573
Conversation
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
d8af9ec to
8e53c38
Compare
andy-vm
left a comment
andy-vm
left a comment
There was a problem hiding this comment.
this file is add-sudoer.sh, should not be mixed up with docker group, please add another script for docker group purpose
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
8e53c38 to
00b01f2
Compare
Hi @andy-vm, Thanks for the review. I’ve moved the Docker group logic out of add-sudoer.sh into a new file called add-docker-group.sh. The new script handles adding the user to the Docker group. Image JSONs have been updated to include the script. |
|
does the new script have execution permissions added? please build one new image and test |
yes @andy-vm it has execution permissions and tested locally, working as expected. |
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
00b01f2 to
d92fbcf
Compare
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
3 times, most recently
from
b2ec62b to
a64c35f
Compare
|
why is this needed for most of the image? only -dev image have default guest user |
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
2 times, most recently
from
beb0112 to
7f69222
Compare
polmoorx
changed the title
Thanks for the review. Updated the PR, new script now automatically detects the default non-root user (e.g., guest in dev images, others in non-RT images) and adds that user to the docker group. This addresses the issue consistently across all image types. |
default user doesnt mean it need docker group access. what is the problem this PR try to solve? |
Based on ticket ITEP-81113, the normal user in the images is unable to run Docker commands because it is not part of the docker group. As a result, Docker operations fail with a “permission denied” error. This PR resolves the issue by adding the primary non-root user to the docker group, ensuring Docker works as expected for the intended user. |
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
7f69222 to
efc4af9
Compare
this is fine for -dev image with default non-root user (guest) added [1] as we added the guest user for development and test purpose only. |
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
efc4af9 to
a657443
Compare
Hi @cheeyanglee, As per the latest comment in ITEP-81113 the issue is not ibserving in cloud-init and the issue is only observed in dev image and in dev image the the gusest user is hardcoded hence the PR is fixed for dev images alone and working as expected
Hi @cheeyanglee, |
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
a657443 to
1d81f6b
Compare
The guest user couldn’t run Docker commands without sudo because it was not part of the 'docker' group. A new script added to ensure the guest user added to the docker group, This allows guest user to use Docker without sudo while keeping existing sudo behavior intact. Signed-off-by: Polmoorx Shiva Kumar <[email protected]>
polmoorx
force-pushed
the
add-guest-to-docker-group
branch
from
1d81f6b to
b7f1254
Compare
cheeyanglee
merged commit dcb4cd1
into
open-edge-platform:3.0-dev
The guest user couldn’t run Docker commands without sudo because it was not part of the 'docker' group. A new script added to ensure the guest user added to the docker group, This allows guest user to use Docker without sudo while keeping existing sudo behavior intact. Signed-off-by: Polmoorx Shiva Kumar <[email protected]>
4 participants
Merge Checklist
All boxes should be checked before merging the PR
Description
The non-root user couldn’t run Docker commands without sudo because it was not part of the 'docker' group. Added a new script to automatically detect the default non-root user and add it to the docker group, This allows non-root to use Docker without sudo while keeping existing sudo behavior intact.
This allows guest to use Docker without sudo while keeping existing sudo behavior intact.
Any Newly Introduced Dependencies
NO
How Has This Been Tested?
Manually tested