Why /var/run/docker.sock permissions are changed every time I log out? How can I forbid it?

Why /var/run/docker.sock permissions are changed every time I log out? How can I forbid it?

Because the people from docker take security seriously. And so should you. You really need to understand that this opens up your docker instance to everyone. For a thorough explanation this is a must read. chmod 777 is never the correct solution (well... unless the sticky bit is also set).

If you still want to do it with

sudo chmod 777 /var/run/docker.sock

you need to have this command executed each time you log in. "Startup applications" can be used to execute a script at the time you log in to the desktop. But please please do not. Use the group method below.

You can also set the immutable bit (chattr +i {file}) so normal users can not change the attributes but that is just a trick. Someone with access to the system can easily change that by rebooting with a live session; even a non-admin user can do that.

Please do not suggest such things like running rootless docker or anything about docker group, I am interested only in dealing with permissions.

Why? You forgot to explain why these are not acceptable. In theory you could have a valid reason (though I can not imagine one myself :) ).

See How can I use docker without sudo? on how to set this up or use the official documentation on how to set up docker with a group or rootless. Those ARE the 2 methods provided by docker.

Author by

sanyassh

Updated on September 18, 2022
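
An added example, not part of the original answer: a shell check that reports who can connect to the socket, which is what mode 777 changes. It assumes GNU `stat` and `getent` as shipped on Ubuntu; the function names `mode_exposure` and `audit_socket` are made up for this example.

```shell
#!/bin/sh
# Added example: report who can connect to a Unix control socket such as
# /var/run/docker.sock. Assumes GNU stat and getent (present on Ubuntu).

# mode_exposure MODE -> prints "world", "group" or "owner".
# Connecting to a Unix socket needs write permission on the socket file,
# so only the write bits matter here.
mode_exposure() {
    perm=$(( 0$1 ))                     # stat prints octal without a leading 0
    if   [ $(( perm & 02 ))  -ne 0 ]; then echo world
    elif [ $(( perm & 020 )) -ne 0 ]; then echo group
    else echo owner
    fi
}

# audit_socket PATH -> one-line verdict; returns 0 = restricted,
# 1 = open to every local account, 2 = path does not exist.
audit_socket() {
    path=$1
    [ -e "$path" ] || { echo "MISSING $path"; return 2; }
    mode=$(stat -c '%a' "$path")
    owner=$(stat -c '%U' "$path")
    group=$(stat -c '%G' "$path")
    case $(mode_exposure "$mode") in
        world)
            echo "FAIL $path mode=$mode: any local user or process can connect"
            return 1 ;;
        group)
            members=$(getent group "$group" 2>/dev/null | cut -d: -f4)
            echo "OK $path mode=$mode: $owner and group $group (members: ${members:-none listed})"
            return 0 ;;
        *)
            echo "OK $path mode=$mode: $owner only"
            return 0 ;;
    esac
}

# Report on the path given as $1, or the Docker default. The status is
# informational, so it is not allowed to abort a calling script.
audit_socket "${1:-/var/run/docker.sock}" || true
```

Anyone listed as a member of the reported group can drive the daemon, which is the access the answer's group method grants deliberately.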

Comments

  • sanyassh
    sanyassh over 1 year

    Every time after logging in I am getting permission denied while trying to connect to the Docker daemon socket so I need to execute sudo chmod 777 /var/run/docker.sock to solve it. I am curious why and how permissions of this file are changed every time. Also I want to forbid such changes so I don't need to execute chmod. Is there a way to do it? Please do not suggest such things like running rootless docker or anything about docker group (I have already seen this question: How can I use docker without sudo? before asking mine), I am interested only in dealing with permissions.

    • George Udosen
      George Udosen over 4 years
      Set up your docker not to use sudo
    • George Udosen
      George Udosen over 4 years
      Does this answer your question? How can I use docker without sudo?
    • Rinzwind
      Rinzwind over 4 years
      @GeorgeUdosen naah. That explains how to set it up. But he is asking why he can not use chmod 777 :-)
  • sanyassh
    sanyassh over 4 years
    I think I had to ask this question: "How to forbid changing permissions" without mentioning docker. I want some file to have 777 permissions. I also don't want anybody to change them. Is this possible?
  • Rinzwind
    Rinzwind over 4 years
    Set the immutable bit (chattr +i {file}) but even that is just a trick. Someone with access to the system can easily change that by rebooting with a live session.
  • sanyassh
    sanyassh over 4 years
    Looks like it is what I was looking for, thanks. It is the real answer to my question "how can I forbid changing permissions" so if you include the comment into the answer, I can accept it.
  • user253751
    user253751 over 4 years
    ... everyone who can run code or commands on your computer.
  • sanyassh
    sanyassh over 4 years
    Also, I don't really understand why this always appears in questions/answers on askubuntu and such sites: Someone with access to the system. There is nobody with access to my system, it is a personal computer. So I really don't care about security, all these sudo things etc. I just want to make my life easier.
  • Rinzwind
    Rinzwind over 4 years
    @sanyash not everyone lives alone. Plus this also includes external access through ssh, ftp, bugs in browsers, using any type of server with online access, malware, spyware, etc.
  • Ivailo Bardarov
    Ivailo Bardarov over 2 years
    Your answer is not answering the question.