Installed moby-engine, cannot add user to docker group

Hi, I’ve just started using Silverblue 35, and it’s pretty neat. For some of my work I need an actual docker daemon though (I could probably work around it somehow but it doesn’t seem worth it), so I installed moby-engine. The engine itself works, but for some tools to work properly I need to be able to use it as my personal user. Normally I would just add myself to the docker group.

But this does not seem to work. The docker group exists, but not inside /etc/group. Instead it gets loaded from systemd-userdb as far as I can tell. But this means that all tools I know of to add my user to the group don’t work.

Is there another way to do this?

1 Like

Hello @peacememories,
Welcome to discussion.:fedora:.org!

fedora~$tldr usermod                                                                                                                                   03/29/22-08:08:05

  usermod

  Modifies a user account.
  See also: `users`, `useradd`, `userdel`.
  More information: https://manned.org/usermod.

  - Change a username:
    sudo usermod --login new_username username

  - Change a user id:
    sudo usermod --uid id username

  - Change a user shell:
    sudo usermod --shell path/to/shell username

  - Add a user to supplementary groups (mind the lack of whitespace):
    sudo usermod --append --groups group1,group2,... username

  - Change a user home directory:
    sudo usermod --move-home --home path/to/new_home username

Also, Podman can run most Docker commands without modifications. Docker is also available to be used daemonless which plays better with Silverblues immutable system bit’s.

But usermod --append --groups is the command you want and you need sudo when using it to add your user to the group(s) desired.

HTH

1 Like

That’s what I tried but usermod just does nothing. it doesn’t even throw an error, but afterwards I am not added to the group.
I tried using newgrp docker to avoid restarting, which also results in a very peculiar error:

newgrp: failed to crypt password with previous salt: Invalid argument

But even after restarting I am not part of the docker group.
gpasswd -a on the other hand fails directly, telling me that docker is not part of /etc/group

On the topic of using Podman, I’ve run into a few edgecases. For one, our main application depends on being built with buildkit, which is not trivial to set up with podman. but even using VSCodes remote container extension results in problematic situations where podman needs a completely different container config, and checking out repos directly into containers fials outright because VSCode is trying to mount /var/run/docker.sock.

1 Like

The docker group probably isn’t in /etc/group yet, you need to copy it from /usr/lib/group before adding users to id. Here’s a thread about it with an example: Adding user to a group - #2 by miker256 - Fedora Discussion

2 Likes

Huh, I did not expect to be allowed to do that. Thanks! :slight_smile:

Oof, with docker I’m still running into lots of problems when trying to run VSCode devcontainers, probably because of selinux I’m guessing (permission denied on the socket when running docker-in-docker, and permission denied on host-mounted volumes).
Might be worth trying to get all of that to work in podman after all, since I actually like the ideas behind podman more

Yep:

type=AVC msg=audit(1648588485.580:851): avc:  denied  { write } for  pid=12218 comm="docker" name="docker.sock" dev="tmpfs" ino=1557 scontext=system_u:system_r:container_t:s0:c380,c561 tcontext=system_u:object_r:container_var_run_t:s0 tclass=sock_file permissive=0