1

Docker allows running with sudo privileges by adding a user to the docker group. I want to rename docker to docker-users.

So I created the /etc/docker/daemon.json file with permissions 640:

{
  "group": "docker-users"
}

Then restarted docker: systemctl restart docker.

But that doesn't work - the socket (/var/run/docker.sock) still shows the default docker group:

srw-rw---- 1 root docker 0 Sep  8 12:05 /var/run/docker.sock=

And my non-root user (which is a member of docker-users) still does not have sudo-less access to the docker daemon.

How do I force docker to use the config file?

lonix
  • Note the term "users" implies that these are not privileged accounts. Anyone with access to the docker socket is effectively root on the host whether or not they have sudo access. – BMitch Sep 11 '19 at 14:38
  • @BMitch I don't follow, do you mean `docker-users` is a bad naming choice? I have `ssh-users`, `docker-users`, etc. – lonix Sep 11 '19 at 16:06
  • It's bad naming since any "user" in that group has full root access on the host via the docker socket. – BMitch Sep 11 '19 at 16:11
  • @BMitch Okay. But I don't understand why that is therefore a bad name? So what if that group's users have sudo access? It's just a group name, unless there is some convention I'm not aware of? – lonix Sep 11 '19 at 16:42
  • As long as everyone managing group membership knows those group members have root access, there's no problem. The comment about "non-root" and "sudo-less access to the docker daemon" implied otherwise. – BMitch Sep 11 '19 at 17:04

1 Answer

1

This is a bug. That issue shows some workarounds.

lonix
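A check for the mismatch described in the question, as an added example that is not part of the original posts or the linked issue: it compares the `group` key in `daemon.json` with the group that actually owns the socket and lists that group's members, who are root-equivalent as the comments point out. The function names, the sample users and the `docker.socket` unit with a `SocketGroup=` line are assumptions (a systemd host using socket activation); the sample files are constructed.

```shell
#!/bin/sh
# Added example: report which group really gates the Docker socket.
# File paths are parameters so the functions can run on copies of the files.

# "group" value from a daemon.json (flat-key match, not a full JSON parser)
daemon_json_group() {
    sed -n 's/.*"group"[[:space:]]*:[[:space:]]*"\([^"]*\)".*/\1/p' "$1" | head -n 1
}

# SocketGroup= from a systemd socket unit (assumed present); last assignment wins
socket_unit_group() {
    sed -n 's/^[[:space:]]*SocketGroup=//p' "$1" | tail -n 1
}

# Supplementary members of a group in an /etc/group-format file
group_members() {
    awk -F: -v g="$2" '$1 == g { print $4 }' "$1"
}

# $1 daemon.json, $2 socket unit, $3 group file, $4 group owning the socket
audit_socket_group() {
    want=$(daemon_json_group "$1")
    unit=$(socket_unit_group "$2")
    if [ "$want" = "$4" ]; then
        echo "OK: socket group '$4' matches daemon.json"
    else
        echo "MISMATCH: daemon.json wants '$want', socket has '$4', unit sets '$unit'"
    fi
    # Everyone listed here can drive the daemon, i.e. has root on the host
    echo "root-equivalent via socket: $(group_members "$3" "$4")"
}

# Constructed sample files reproducing the situation in the question
tmp=$(mktemp -d)
printf '{\n  "group": "docker-users"\n}\n' > "$tmp/daemon.json"
printf '[Socket]\nListenStream=/run/docker.sock\nSocketMode=0660\nSocketGroup=docker\n' \
    > "$tmp/docker.socket"
printf 'docker:x:998:alice\ndocker-users:x:1001:bob,carol\n' > "$tmp/group"
audit_socket_group "$tmp/daemon.json" "$tmp/docker.socket" "$tmp/group" docker
rm -rf "$tmp"
# On a live host the fourth argument would be: $(stat -c %G /var/run/docker.sock)
```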