Tip: Adding a regular user to the docker group


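On a new OCI instance with OEL 7.9 selected as the OS, docker is not installed in the initial environment. We can install it directly with yum and then start the docker service: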

[opc@oci-001 ~]$ sudo yum install docker
[opc@oci-001 ~]$ sudo systemctl start docker

Because the default login user is opc, every docker command after installation needs sudo; otherwise it fails with a permission error:

[opc@oci-001 ~]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json": dial unix /var/run/docker.sock: connect: permission denied
[opc@oci-001 ~]$ sudo docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

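For convenience, we need to add the opc user to the docker group. Members of this group can talk to the Docker daemon socket directly, which is root-equivalent access to the host: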

[opc@oci-001 run]$ sudo gpasswd -a opc docker
正在將用戶“opc”加入到“docker”組中
[opc@oci-001 run]$ docker ps
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/json": dial unix /var/run/docker.sock: connect: permission denied
[opc@oci-001 run]$ id
uid=1000(opc) gid=1000(opc) 組=1000(opc),4(adm),10(wheel),190(systemd-journal) 環境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[opc@oci-001 run]$ id opc
uid=1000(opc) gid=1000(opc) 組=1000(opc),4(adm),10(wheel),190(systemd-journal),992(docker)
[opc@oci-001 run]$ id
uid=1000(opc) gid=1000(opc) 組=1000(opc),4(adm),10(wheel),190(systemd-journal) 環境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023

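As shown above, the error persists after joining the docker group, but comparing the output of id with that of id opc makes it easy to see that the change has not taken effect in the current shell.
Log in again as opc; after that, docker commands run normally without sudo: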

Enter your username: opc
Last login: Wed Nov 10 23:47:49 2021 from xxx.xxx.xxx.xxx
[opc@oci-001 ~]$ id
uid=1000(opc) gid=1000(opc) 組=1000(opc),4(adm),10(wheel),190(systemd-journal),992(docker) 環境=unconfined_u:unconfined_r:unconfined_t:s0-s0:c0.c1023
[opc@oci-001 ~]$ docker ps
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
[opc@oci-001 ~]$ docker version
Client: Docker Engine - Community
 Version:           19.03.11-ol
 API version:       1.40
 Go version:        go1.16.2
 Git commit:        9bb540d
 Built:             Fri Jul 23 01:33:55 2021
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.11-ol
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.16.2
  Git commit:       9bb540d
  Built:            Fri Jul 23 01:32:08 2021
  OS/Arch:          linux/amd64
  Experimental:     false
  Default Registry: docker.io
 containerd:
  Version:          v1.4.8
  GitCommit:        7eba5930496d9bbe375fdf71603e610ad737d2b2
 runc:
  Version:          1.0.0-rc95
  GitCommit:        2856f01
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683

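Docker commands now work normally. There is one more case to cover: logging in to a docker image registry that requires credentials, such as Oracle's official container registry: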

[opc@oci-001 ~]$ docker login container-registry.oracle.com
Username: xxx@xx.com
Password:
WARNING! Your password will be stored unencrypted in /home/opc/.docker/config.json.
Configure a credential helper to remove this warning. See
https://docs.docker.com/engine/reference/commandline/login/#credentials-store

Login Succeeded

After a successful login, the corresponding image can be pulled normally:

[opc@oci-001 ~]$ docker pull container-registry.oracle.com/database/enterprise:19.3.0.0
Trying to pull repository container-registry.oracle.com/database/enterprise ...
19.3.0.0: Pulling from container-registry.oracle.com/database/enterprise
86607bb85307: Pull complete
9426f6bfa092: Pull complete
16f82e6c6196: Pull complete
3b3cb340bf3a: Pull complete
914616be8a89: Pull complete
72eda44db682: Pull complete
4f4fb700ef54: Pull complete
930126d48988: Pull complete
74776159d717: Pull complete
a75af7560303: Pull complete
768777aee4bd: Pull complete
83bc762e273b: Pull complete
40ae2cf39a7a: Pull complete
97f3b11e6fb5: Pull complete
49b970fb5707: Pull complete
49801e1d38a0: Pull complete
e0d849ef2418: Pull complete
31d732a7744f: Pull complete
760939c383f0: Pull complete
5c2969cb34b8: Pull complete
Digest: sha256:ea9cd805ec49368fd288323e3f41d6c6e45698813e2ae89fd5d097c026ab5aa6
Status: Downloaded newer image for container-registry.oracle.com/database/enterprise:19.3.0.0
container-registry.oracle.com/database/enterprise:19.3.0.0

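Note: In earlier testing, opc had not been added to the docker group at first, so everything was done with sudo. Logging in with sudo docker login, for example, stores the configuration file at /root/.docker/config.json, which causes some trouble for later operations. So it is best to decide up front which user will run docker and configure it from the start.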
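
The two pitfalls on this page can be checked from a script: a group change that the current session has not picked up (id versus id opc), and registry credentials stored in plaintext in /home/opc/.docker/config.json or /root/.docker/config.json. This is an added example, not part of the original post; the function names are hypothetical, and the grep patterns assume the config.json layout that docker login writes.

```shell
#!/bin/sh
# Added example (not from the original post). Function names are hypothetical.

# membership_state DB_GROUPS SESSION_GROUPS GROUP
#   DB_GROUPS:      output of `id -nG USER` (account database, like `id opc`)
#   SESSION_GROUPS: output of `id -nG`      (this process, like plain `id`)
membership_state() {
    in_db=no; in_session=no
    # Pad with spaces so "docker" does not match e.g. "dockerroot".
    case " $1 " in *" $3 "*) in_db=yes ;; esac
    case " $2 " in *" $3 "*) in_session=yes ;; esac
    case "$in_db/$in_session" in
        yes/yes) echo active ;;
        yes/no)  echo relogin-needed ;;  # added, but this session predates it
        no/yes)  echo stale-session ;;   # removed, but this session still holds it
        *)       echo not-member ;;
    esac
}

# credential_storage FILE: how a Docker client config.json keeps registry logins
credential_storage() {
    [ -f "$1" ] || { echo absent; return 0; }
    if grep -Eq '"auth"[[:space:]]*:[[:space:]]*"[^"]+"' "$1"; then
        echo plaintext   # base64 of user:password, readable by whoever can read the file
    elif grep -Eq '"(credsStore|credHelpers)"' "$1"; then
        echo helper      # secrets are kept by an external credential helper
    else
        echo none
    fi
}

# report: run both checks for the current user and for root's config file.
# Run it with sudo as well, otherwise /root/.docker is not readable
# and root's file is reported as absent.
report() {
    me=$(id -un)
    echo "docker group ($me): $(membership_state "$(id -nG "$me")" "$(id -nG)" docker)"
    for f in "$HOME/.docker/config.json" /root/.docker/config.json; do
        echo "$f: $(credential_storage "$f")"
    done
}

if [ "${1:-}" = "--report" ]; then report; fi
```

A stale-session result means a user removed from the docker group keeps socket access until the existing login session ends.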

