/etc/docker/config.json permission

Question

/etc/docker/config.json permission

antoinetran opened this issue 5 years ago · 9 comments

Actual behavior:
When using an user in docker group:
docker ps -a works but gives:
WARNING: Error loading config file: /etc/docker/config.json - stat /etc/docker/config.json: permission denied
However, sudo docker ps works without warning.
This is because vagrant proxyconf sets the owner/group as:

[vagrant@localhost ~]$ ll /etc/docker -d
drwxrwx---. 2 root root 60 Sep 30 15:10 /etc/docker

While it should be root.docker 770.

Code: https://github.com/tmatilai/vagrant-proxyconf/blob/v2.0.6/lib/vagrant-proxyconf/action/configure_docker_proxy.rb#L100
Solution:
sudo chown root.docker /etc/docker

I need to do this each time I start my VM with vagrant up.

Environment:

$ vagrant plugin list
vagrant-proxyconf (2.0.5, global)
  - Version Constraint: > 0
vagrant-vbguest (0.18.0, global)
  - Version Constraint: > 0
vagrant-vbguest-centos (0.2.0, global)
  - Version Constraint: > 0

Answer 1 · 2019-10-04T17:22:45.000Z

Had the same problem. At first, I tried to add a configure.vm.provision script that always ran in the Vagrantfile, but the proxy settings occurred after my added script ran. So finally, I just modified the following files/lines chown group ownership from root...

~/.vagrant.d/gems/2.4.6/gems/vagrant-proxyconf-2.0.6/lib/vagrant-proxyconf/action/configure_docker_proxy.rb:100:            comm.sudo("chown root:root /etc/docker")
~/.vagrant.d/gems/2.4.6/gems/vagrant-proxyconf-2.0.6/lib/vagrant-proxyconf/action/configure_docker_proxy.rb:102:            comm.sudo("chown root:root /etc/docker/config.json")

...to docker...

~/.vagrant.d/gems/2.4.6/gems/vagrant-proxyconf-2.0.6/lib/vagrant-proxyconf/action/configure_docker_proxy.rb:100:            comm.sudo("chown root:docker /etc/docker")
~/.vagrant.d/gems/2.4.6/gems/vagrant-proxyconf-2.0.6/lib/vagrant-proxyconf/action/configure_docker_proxy.rb:102:            comm.sudo("chown root:docker /etc/docker/config.json")

Vagrant Environment:

$ vagrant -v ; vagrant plugin list
Vagrant 2.2.5
vagrant-proxyconf (2.0.6, global)

Guest OS:
Linux ol7-docker-engine
https://github.com/oracle/vagrant-boxes

Host Shell:
Git BASH for Windows
https://gitforwindows.org/

Host OS:
Windows 10 x64 Pro

Answer 2 · 2019-10-22T17:57:14.000Z

Hi @antoinetran - Thanks for reporting and sorry for the delay getting back to you. I'm sorry to hear that you are having this problem but I appreciate you taking the time to report the details and the workaround.

I noticed that you are running 2.0.5 of the vagrant-proxyconf can you try upgrading to 2.0.6 and test again and see if this addresses your issue? There was a fix in the2.0.6 release to address a permissions issue and I hope that it addresses this use case as well. If not, please let me know and I'll make sure to fix this.

Again, thanks for reporting and I look forward to hearing from you.

Answer 3 · 2019-10-22T18:00:46.000Z

Hey folks -

Just curious what guest OS are you guys using?

It would be really helpful if you could provide the system release information and architecture so that I can make sure this gets addressed in all use cases. I'll do my best to make sure this gets taken care of quickly. Thanks again for reporting.

Answer 4 · 2019-10-22T18:39:31.000Z

@codylane @jasonw53 already has the issue with 2.0.6, you can see that beyond. As for my guest OS: CentOs 7.4, and host OS Windows 10 Pro.

Answer 5 · 2019-10-22T19:03:55.000Z

hi @antoinetran - Gotcha, Yeah, I saw that too, but just wanted to make sure you were using the latest vagrant-proxyconf release. :)

I won't lie this one is going to be tricky to fix since different OS combos have different usernames. I'm sure we will figure it out though. Give me few days to sort this one out and I'll be in touch.

Thanks again for reporting.

Answer 6 · 2019-10-22T20:01:42.000Z

Hrmmmm, I find this interesting, these are default persmissions that come with docker on CentOS 7.x.

[vagrant@localhost docker]$ ls -rlth
total 8.0K
-rw-------. 1 root root 244 Oct 22 18:39 key.json
-rw-r--r--. 1 root root 132 Oct 22 19:02 config.json

More investigation is needed. I'll continue to research the next couple of days. Thank you for reporting and for your patience.

Answer 7 · 2019-10-24T13:33:07.000Z

I've made a commit to hopefully address this and it's currently in local testing. The open pull request #208 will link to this issue so that you can see the progress of what will be in the 2.0.7 release. For what it's worth, I couldn't find a whole lot of documentation on how to handle this on every OS so I took what you both provided since on most OSes it seems that the permissions should be root:docker and there almost always seems to be a docker group. Crossing my fingers this doesn't break for other folks.

Answer 8 · 2019-11-06T06:23:26.000Z

Just a friendly heads up, I've prepped this release and it's currently staged in master. I'll cut the release to rubygems and tag the release by the end of the week. Release info will updated in issue #211

Answer 9 · 2019-11-14T17:57:32.000Z

Thanks again for reporting, addressed this issue via the attached commits.

Closing out this issue.