docker.sock connect permission denied
Hey, I am running coder as a docker container. Now I want to add a template but get the
Error: Error pinging Docker server: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/_ping": dial unix /var/run/docker.sock: connect: permission denied error.
I saw a post here saying to chmod 666 the docker.sock but I dont like that.
I have tried sudo usermod -aG docker coder to add the coder user to the docker group to make it able to access the docker.sock but it does not work. Any Ideas how I can fix this?
Thanks ^^16 Replies
need to run
coder server as coder:dockerBut it is running in a docker container. How to I switch that?
did you try restarting?
I cannot add the group docker to the User in the container where coder server is called...
Is there a way I can do that?
usermod does not work.
@https://vsus.app yes I have tried restarting the Docker containerlike the server
can you try login to the coder account and check for group?
sudo su - coder -s /bin/bashOn the host machine?
On the host machine where is typed
coder templates create it is coder : coder docher.
Inside the Docker container it is coder : coderare you using docker compose ?
Yes, I have spun up the coder server on my server using docker-compose behind a traefik reversed Proxy, with PostgreSQL and OIDC authentication.
On the host machine I tried to use
coder templates createalright then you can just use the
user directive under your service declaration
like this user: coder:998
where 998 is the gid of the docker group
so maybe it's not the same for youIt works, thank you ^^
Just a short question: the coder-server is not available for the internet, right? Only logged in users can access it, right?
depends on how you set it up
also I think you're asking if there's anonymous access ? answer is no : you need an account on the instance to use coder
On the coder workspace is a code-server I can access. Is this access available to the Internet (I don't want it to be).
The coder instance itself is available to the Internet because I choose to expose it.
if your coder is exposed to "the internet" then every
coder_app is also exposed in some way, otherwise you wouldn't be able to use them, but no, you need to be authenticated to access any coder_app
but in reality, the coder instance proxies your code-server, so that also makes it "available" to the internet, otherwise you wouldn't be able to access itOkay thank you ^^
you can close this using
/resolve if you don't have any other questionsMarked the thread as resolved.