- 3,793
- 1,298
- NAS
- DS4l8play, DS202j, DS3623xs+, DSM 7.3.3-25847
Follow along with the video below to see how to install our site as a web app on your home screen.
Note: This feature currently requires accessing the site using the built-in Safari browser.
The docker engine is always run with root permissions! Granting access to the docker.sock is the only way to control access to the docker engine. This is why adding a user to the docker group is sufficient to allow them to access the docker.sock with the docker cli.Docker requires pretty powerful privileges, after all you are creating and killing processes with rights under various user and group IDs. Typically, one needs "sudo" to do anything useful with docker.
You have a Docker group on Synology (from the Synology Package Center)? I don't. I have a docker user (which I may have created... I don't remember) and a docker shared folder (by DSM).Granting access to the docker.sock is the only way to control access to the docker engine.
You have a Docker group on Synology (from the Synology Package Center)? I don't. I have a docker user (which I may have created... I don't remember) and a docker shared folder (by DSM).
sudo synogroup --add docker
)sudo chown root:docker /var/run/docker.sock
sudo synogroup --member docker {username}
){username}
and try (if you were already logged in before you created the group, logout and relogin)create the group "docker" from the ui or cli
synogroup --add
and synogroup --member
, both have been straight forward. No idea if other options are also that straight forward to use. At least for synouser --add
I do remember that it was definitly not straigt forward. Back in the the days it took me a fair while to add a user by cli. Pitty, I didn't take any notes about how I solved it.Does your home-rolled Docker group withstand a DSM update?Seems I created the group myself and fixed the permissions.
Seems I created the group myself and fixed the permissions.
Required Steps:
- create the group "docker" from the ui or cli (sudo synogroup --add docker
)
- make it the group of the docker.sock:sudo chown root:docker /var/run/docker.sock
- assign the user to the docker group in the ui or cli (sudo synogroup --member docker {username}
)
- login into ssh as{username}
and try (if you were already logged in before you created the group, logout and relogin)
On linux distros, the docker group is created during the installation of the docker package. The ownership there is root:docker. Seems I just re-created the behavior on my DS.
I have restarted the NAS and it all worked now.@one-eyed-king ,
I have tried your first step: sudo synogroup --add docker and encounter the following error:
admin@XXXXXXX:~$ sudo synogroup --add docker
Lastest SynoErr=[group_set.c:433]
SYNOLocalAccountGroupSet failed, synoerr=0x1700
admin@XXXXXXX:~$ sudo synogroup --get docker
Lastest SynoErr=[group_unpack.c:44]
SYNOGroupGet failed, synoerr=0x4000
admin@XXXXXXX:~$ sudo synogroup --descget docker
docker:[]
admin@XXXXXXX:~$ sudo synogroup --add docker admin
Lastest SynoErr=[group_set.c:433]
SYNOLocalAccountGroupSet failed, synoerr=0x1700
admin@XXXXXXX:~$ sudo chown root:docker /var/run/docker.sock
admin@XXXXXXX:~$ sudo synogroup --member docker admin
Lastest SynoErr=[group_unpack.c:44]
SYNOGroupGet failed, synoerr=0x4000
Do you know any reason why?
We use essential cookies to make this site work, and optional cookies to enhance your experience.