Manage docker without needing sudo on your Synology NAS

Manage docker without needing sudo on your Synology NAS

If you've installed and used docker before, you're probably familiar with adding your computer's user account to the docker user group to allow you to control docker (and docker-compose) without needing to use sudo. For production setups it might be beneficial to maintain that level of security, but for a local/home setup it might not be all that useful, and can even be quite bothersome.

By default Synology's Docker package does not actually create this user group. Fortunately, as the underlying operating system is Linux after all, it's fairly easy to rectify this. There are a few Synology-specific caveats though, so let's walk though the steps needed.

If you've already attempted to add a user to another user group, you might have noticed that the usual tools like usermod and groupadd don't actually exist on your Synology NAS. These are, for whatever reason, replaced with Synology's proprietary tools. So we'll have to use those.

Let's get started.

Note: For the following steps it is assumed that you are logged in to your Synology NAS using ssh with an account that has sudo permissions.

First, let's create a new user group called docker:

❯ sudo synogroup --add docker

Now we can add our user to this newly created group. Assuming you are currently logged in with the user you wish to add, run the following:

❯ sudo synogroup --member docker $USER
Note: If you want to add another user or if you happen to run all these commands within a sudo -s session, replace $USER with the name of the user account you wish to add.

Lastly, let's modify who owns the docker.sock file, so that it now belongs to the docker user group we just created:

❯ sudo chown root:docker /var/run/docker.sock

That's it! For this to take effect you should log out and then back in again. In some cases you might have to restart your Synology NAS before it sticks. You should now be able to run docker and docker-compose commands without using sudo. Nice.

So far this change seems to persist perfectly through reboots and even a system upgrade. I had originally done this while still running DSM6.x, and it's still running perfectly after upgrading to DSM7.