How to run 'sudo chmod 666 /var/run/docker.sock' on Ubuntu, before the services start

Question

I have an Ubuntu Server 16.04, with a service that needs this permission

$ sudo chmod 666 /var/run/docker.sock

Right now, every time the server is rebooted, it's necessary to open a ssh console, run that task and start the service manually.

I need to run that command before the services being started. What would be the most secure way to do it?

EDIT: The service's account already is member of the docker group.

Why not add the service user's account to your `docker` group? — EEAA, Dec 16 '16 at 05:18
If you really must have a service using the Docker socket, use a privileged container. But try to avoid it entirely, if possible. — Michael Hampton, Dec 16 '16 at 06:12

score 4 · Accepted Answer · edited Dec 16 '16 at 21:12

To directly answer your question, just add the following content to a file called /etc/init/docker-chmod.conf to get your permissions set during boot.

start on startup
task
exec chmod 666 /var/run/docker.sock

But you should consider adding your, or a system user, to the docker-unix group to avoid workarounds like this which could be a big potential security threat.

The result of your chmod practically gives all local users read and write permissions to the docker-socket which allows anyone to interfere with your docker images.

How to run 'sudo chmod 666 /var/run/docker.sock' on Ubuntu, before the services start

1 Answers1