Docker group and permissions

I am learning penetration testing, and I am trying to perform Linux privilege escalation using Docker. So I created a new user with the minimum permissions and added it to the docker group. The problem now is that this new user cannot run docker.

I tried to change the permission for this user using chmod, but it does not work. Can anyone please help me permit the new user to run docker? This is the new user: pentester:x:1001:1001::/home/pentester:/bin/bash and this is the docker group: docker:x:976:anasgharsa,pentester and when I am connected as the new user and try “docker images” or “docker ps”, I get this error message: “unable to get absolute bin path: stat .: permission denied”

Your docker group is out of the range of user grouping (GID = 976, while user GID = 1000 min.).

First of all, thank you for your reply. So what can I do? How can I fix this? Even the other user “anasgharsa” has GID 1000 and can still run docker without any problem.

You’re welcome. The user that you set up as yourself is in the Wheel group, so it has elevated permissions already. It could just be as simple as an SELinux issue, since it is access that is at issue. Can you run the container using Podman instead of Docker? Just to try it out.

Actually, I don’t have Podman; I am not using it. Should I do it?

It works for me on Fedora 38 like this:

sudo dnf install docker
sudo systemctl enable docker.service 
sudo systemctl restart docker.service 
sudo useradd test
sudo usermod -a -G docker test 
sudo -i -u test
docker ps

Thank you so much for the clarification!

Thank you so much for the clarification! I tried what you suggested and it works, but when I run docker ps -a it gives other results, not the same containers that I have. Is it normal?

Podman works very well on Fedora, but there are often issues trying to use Docker.
Most of the time you can use Podman in place of Docker.

Thank you for your reply. I will try Podman instead of Docker, but the problem is that this is an academic project for the university and the professor wants Docker.

Then by all means get it working with Docker.
Podman is included with the base Fedora install normally.
The problems with Docker relate to the fact that it used to require a daemon with root privileges, which is sort of counterintuitive: a normal user has to be root to start something. Also, they used a different runtime (I think runc instead of crun???). Docker came out with daemonless Docker not that long ago, and there has been work inside the community around it. That’s why there is a docker package in the Fedora repos.

Thank you for your help, I really appreciate it. I will try again and again till it works.
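
Added example, not part of any post above: a small shell check for the two things the symptom in this thread points at, whether the user is really listed in the docker group and whether the directory the command is started from can be entered (the quoted error is a failed stat on `.`, the working directory). The function names and the sample group file are constructed for illustration; the `docker` line is the one quoted in the question.

```shell
#!/bin/sh
# Added example: checks behind the "permission denied" symptom in this thread.
# Function names are hypothetical; the sample data below is constructed.

# group_members FILE GROUP: print the supplementary members of GROUP, one per line.
group_members() {
    awk -F: -v g="$2" '$1 == g { n = split($4, m, ",")
        for (i = 1; i <= n; i++) if (m[i] != "") print m[i] }' "$1"
}

# in_group FILE GROUP USER: succeed only on an exact member-name match.
in_group() {
    group_members "$1" "$2" | grep -qxF -- "$3"
}

# dir_usable DIR: succeed if the caller can stat and enter DIR.
# The error in the question is a failed stat on ".", the working directory.
dir_usable() {
    [ -d "$1" ] && [ -x "$1" ]
}

# report FILE USER DIR: print one line per check; return 1 if any check fails.
report() {
    rc=0
    if in_group "$1" docker "$2"; then
        echo "group: $2 is listed in docker (root-equivalent access to the daemon)"
    else
        echo "group: $2 is not listed in docker"; rc=1
    fi
    if dir_usable "$3"; then
        echo "cwd:   $3 is accessible"
    else
        echo "cwd:   $3 cannot be entered; start from a login shell or cd to \$HOME"; rc=1
    fi
    return $rc
}

# Constructed sample: the docker line from the question plus one made-up group
# with a similar name, to show that matching is exact.
sample=$(mktemp)
printf '%s\n' 'dockerusers:x:1500:alice' 'docker:x:976:anasgharsa,pentester' > "$sample"
report "$sample" pentester / || true
```

On a real host, pass `/etc/group`, the account name and `"$PWD"`; group changes made with `usermod` only apply to sessions started after the change.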