When Docker installs on a machine, it asks the user for root privileges to finish its installation process after you start it the first time. In our environment, we decided that it's best users don't need to enter any sort of credentials to finish the installation of an application. So, via a trail of troubleshooting steps I found online and some trial & error, I was able to put together an installer that does not need root privileges to finish its installation. Use the following directions to create a version of the installer that does not require Admin Rights. If you are already familiar with making JSS policies and using Composer, check out the TLDR section at the bottom. Download Docker For Mac Mount the Docker DMG Open Composer Click on New Select Normal Snapshot Click Next Name the Snapshot and click next Once the Snapshot has finished creating, drag the Docker application into the root Applications folder Open Applications, and then open Docker Docker will post an introductory window, click OK Docker will ask for privileged access, click OK Enter your Admin credentials and click okay Docker will run its final installation steps Click Got It after Docker has finished running its post-installation In Composer, click Create Package Source Drill down Library>LaunchDaemons Select the com.docker.vmnetd.plist file Ensure that the file's owner is root, and group is wheel. Check the box for X (execute) on the Owner row. Verify that it states Mode: 744 (not 644) Drill down Users>{username}>Library>Containers>com.docker.docker Delete the Data folder within the com.docker.docker folder Ensure there are no additional folders unrelated to the Docker installation in the package source. In my case I removed the Saved Application State folder. Once you've done this, click on Build as DMG and save to your package build location Open Casper Admin and drag the DMG into Casper Admin to upload. Change the settings on the DMG to turn on FEU (Fill Existing User Template) Categorize the file Save Log into the JSS and Create the Docker policy. Place the DMG in the policy Set the policy to restart after install (Restart Options>User Logged In Action> Restart) Add Files and Processes, add the following one liner to Execute Command: /bin/launchctl load -Fw /Library/LaunchDaemons/com.docker.vmnetd.plist Setup to install from Self Service TLDR Version;Install using a composer snapshot as normal.The only major differences are as follows:Change /Library/LaunchDaemon/com.docker.vmnetd.plist to 744 and root:wheelDelete the Data folder found in Users/{username}/Library/Containers/com.docker.dockerSave as DMG, place on Casper Admin with FEU enabledIn Policy: Ensure that the computer restarts after install. Add the following one liner in Execute Command:/bin/launchctl load -Fw /Library/LaunchDaemons/com.docker.vmnetd.plist

I found that the following command works well. /Applications/Docker.app/Contents/MacOS/Docker --install-privileged-componentsmy install script steps as root: Curl down latest DMGMount dmgditto Docker.app to /Applications/Docker.appunmount dmgrun the --install-privileged-components command.I've tested as standard user and Docker launches and works as expected.

How To: Package a Docker Installer that Does Not Request Admin Privileges

When Docker installs on a machine, it asks the user for root privileges to finish its installation process after you start it the first time. In our environment, we decided that it's best users don't need to enter any sort of credentials to finish the installation of an application. So, via a trail of troubleshooting steps I found online and some trial & error, I was able to put together an installer that does not need root privileges to finish its installation.

Use the following directions to create a version of the installer that does not require Admin Rights. If you are already familiar with making JSS policies and using Composer, check out the TLDR section at the bottom.

Download Docker For Mac
Mount the Docker DMG
Open Composer
Click on New
Select Normal Snapshot
Click Next
Name the Snapshot and click next
Once the Snapshot has finished creating, drag the Docker application into the root Applications folder
Open Applications, and then open Docker
Docker will post an introductory window, click OK
Docker will ask for privileged access, click OK
Enter your Admin credentials and click okay
Docker will run its final installation steps
Click Got It after Docker has finished running its post-installation
In Composer, click Create Package Source
Drill down Library>LaunchDaemons
Select the com.docker.vmnetd.plist file
Ensure that the file's owner is root, and group is wheel.
Check the box for X (execute) on the Owner row. Verify that it states Mode: 744 (not 644)
Drill down Users>{username}>Library>Containers>com.docker.docker
Delete the Data folder within the com.docker.docker folder
Ensure there are no additional folders unrelated to the Docker installation in the package source. In my case I removed the Saved Application State folder.
Once you've done this, click on Build as DMG and save to your package build location
Open Casper Admin and drag the DMG into Casper Admin to upload.
Change the settings on the DMG to turn on FEU (Fill Existing User Template)
Categorize the file
Save
Log into the JSS and Create the Docker policy.
Place the DMG in the policy
Set the policy to restart after install (Restart Options>User Logged In Action> Restart)
Add Files and Processes, add the following one liner to Execute Command: /bin/launchctl load -Fw /Library/LaunchDaemons/com.docker.vmnetd.plist
Setup to install from Self Service

TLDR Version;
Install using a composer snapshot as normal.
The only major differences are as follows:
Change /Library/LaunchDaemon/com.docker.vmnetd.plist to 744 and root:wheel
Delete the Data folder found in Users/{username}/Library/Containers/com.docker.docker
Save as DMG, place on Casper Admin with FEU enabled
In Policy: Ensure that the computer restarts after install. Add the following one liner in Execute Command:
/bin/launchctl load -Fw /Library/LaunchDaemons/com.docker.vmnetd.plist

Page 2 / 3

Thanks fore the tip, @cgarvey, I'll give that a shot.

-- Deleted

So I thought I had this but something isn't working.

I made my Docker package with this edited post install script:

#!/bin/bash

# REF: https://forums.docker.com/t/feature-request-cli-tool-for-automated-installation/18334/4
# assumes the following directories exist:
# /usr/local/bin
# /Library/PrivilegedHelperTools

declare -r docker_bundle_dir=/Applications/Docker.app/Contents
declare -r privtools=/Library/PrivilegedHelperTools
declare -r launchDaemon=/Library/LaunchDaemons/com.docker.vmnetd.plist

for tool in com.docker.frontend docker docker-compose docker-diagnose docker-machine notary; do
    /bin/ln -sf "${docker_bundle_dir}"/Resources/bin/${tool} /usr/local/bin
done

[[ ! -d "${privtools}" ]] && /bin/mkdir -p "${privtools}" ; /bin/chmod 1755 "${privtools}"

/usr/bin/install -m 0544 -o root -g wheel "${docker_bundle_dir}"/Library/LaunchServices/com.docker.vmnetd "${privtools}"

# This file no longer exists in the installer. You need to copy a known good plist over now. For an example of the file, see the end.
#/usr/bin/install -m 0644 -o root -g wheel ${docker_bundle_dir}/Resources/com.docker.vmnetd.plist /Library/LaunchDaemons

# Let's get the correct vmnetd version to set the launchDaemon 
VERSION=$(/usr/bin/defaults read /Applications/Docker.app/Contents/Info.plist VmnetdVersion)

# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #
# LAUNCH DAEMON CREATION
# # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # # #

/bin/cat << EOF > "$launchDaemon"
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.docker.vmnetd</string>
    <key>Program</key>
    <string>/Library/PrivilegedHelperTools/com.docker.vmnetd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/PrivilegedHelperTools/com.docker.vmnetd</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>Sockets</key>
    <dict>
        <key>Listener</key>
        <dict>
            <key>SockPathMode</key>
            <integer>438</integer>
            <key>SockPathName</key>
            <string>/var/run/com.docker.vmnetd.sock</string>
        </dict>
    </dict>
    <key>Version</key>
    <string>$VERSION</string>
</dict>
</plist>
EOF

/usr/bin/plutil -convert xml1 "$launchDaemon"
## Set the permission on the file just made.
/usr/sbin/chown root:wheel "$launchDaemon"
/bin/chmod 0644 "$launchDaemon"
/bin/launchctl load "$launchDaemon"

Running this without a package, works! Docker loads without admin and everything is nice. If I run it from jamf (or as a pkg) it doesn't work. Any ideas?

I have been successful in creating a deployable Docker package....but I'm confused why I had to do it this way, so maybe someone can shed some light on it.

I made a standard package with the Docker app in the Applications folder. I added scripts to the post-install but it didn't work when I put it in the actual package! So what I did was break the scripts out and put them in Jamf and just run those after install. Same script I included in the package..just removed from the package. Why it works this way, i don't know.

First Post-install script:

#!/bin/bash
# Based on https://github.com/autopkg/chilcote-recipes/blob/master/Docker/Docker.munki.recipe
# which in turn is based on:
# <https://forums.docker.com/t/feature-request-cli-tool-for-automated-installation/18334/4>
# Will create:
# /Library/PrivilegedHelperTools
# /usr/local/bin
# if missing

declare -r docker_bundle_dir=/Applications/Docker.app/Contents
declare -r privtools=/Library/PrivilegedHelperTools
declare -r usr_local_bin=/usr/local/bin

[[ ! -d ${usr_local_bin} ]] && /bin/mkdir -p ${usr_local_bin} ; /bin/chmod 1755 ${usr_local_bin}
for tool in docker docker-compose docker-diagnose docker-machine notary; do
    /bin/ln -sf ${docker_bundle_dir}/Resources/bin/${tool} /usr/local/bin
done

[[ ! -d ${privtools} ]] && /bin/mkdir -p ${privtools} ; /bin/chmod 1755 ${privtools}

# unload com.docker.vmnetd if present
if [[ -e /Library/LaunchDaemons/com.docker.vmnetd.plist ]] ; then
    /bin/launchctl unload /Library/LaunchDaemons/com.docker.vmnetd.plist
fi

/usr/bin/install -m 0544 -o root -g wheel ${docker_bundle_dir}/Library/LaunchServices/com.docker.vmnetd ${privtools}

## this bit no longer works because the LD plist is no longer in the app bundle.
## See https://github.com/docker/roadmap/issues/80#issuecomment-853446920
#/usr/bin/install -m 0644 -o root -g wheel #${docker_bundle_dir}/Resources/com.docker.vmnetd.plist /Library/LaunchDaemons
##
## fragile replacement
/bin/cat > /Library/LaunchDaemons/com.docker.vmnetd.plist << EOF
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
    <key>Label</key>
    <string>com.docker.vmnetd</string>
    <key>Program</key>
    <string>/Library/PrivilegedHelperTools/com.docker.vmnetd</string>
    <key>ProgramArguments</key>
    <array>
        <string>/Library/PrivilegedHelperTools/com.docker.vmnetd</string>
    </array>
    <key>RunAtLoad</key>
    <true/>
    <key>Sockets</key>
    <dict>
        <key>Listener</key>
        <dict>
            <key>SockPathMode</key>
            <integer>438</integer>
            <key>SockPathName</key>
            <string>/var/run/com.docker.vmnetd.sock</string>
        </dict>
    </dict>
</dict>
</plist>
EOF
/bin/chmod 644 /Library/LaunchDaemons/com.docker.vmnetd.plist
## end fragile replacement
VERSION=$(/usr/bin/defaults read /Applications/Docker.app/Contents/Info.plist VmnetdVersion)
/usr/bin/defaults write /Library/LaunchDaemons/com.docker.vmnetd.plist Version -string ${VERSION}
/usr/bin/plutil -convert xml1 /Library/LaunchDaemons/com.docker.vmnetd.plist
/bin/chmod 0644 /Library/LaunchDaemons/com.docker.vmnetd.plist
/bin/launchctl load /Library/LaunchDaemons/com.docker.vmnetd.plist

And then the next one which sets up preferences:

#!/bin/zsh
#
# Description: Script to set Docker Settings.
#
#

# Set variables
JQ="/usr/local/bin/jq"
JQTrigger="${4}"
SettingsVersion="${5}"
# 3.4.0 is version 11
# 3.3.3 is version 10
# 2.5.0.1 is version 6

# Look for JQ for JSON editing
if [[ ! -f "$JQ" ]]; then
    echo "JQ not installed, installing..."
    /usr/local/bin/jamf policy -event "$JQTrigger"
fi

localUsers=( $(dscl . list /Users UniqueID | awk '$2 >= 501 {print $1}' | grep -Ev "^(lms-account|mfe|casperctrl|y_.*)$") )
for usr in ${localUsers[@]}; do
    SettingFile="/Users/$usr/Library/Group Containers/group.com.docker/settings.json"
    TmpSettings="/Users/$usr/Library/Group Containers/group.com.docker/old_settings.json"

    if [[ ! -f "$SettingFile" ]]; then
        echo "Settings file does not exist for $usr, creating..."
        mkdir -p "/Users/$usr/Library/Group Containers/group.com.docker/"
        echo "{}" > "$SettingFile" # Creating a json from scratch
        chmod 755 "/Users/$usr/Library/Group Containers/group.com.docker/"
        chmod 666 "$SettingFile"
        chown -R "$usr" "/Users/$usr/Library/Group Containers/group.com.docker/"
    fi

    # Do the stuff
    $JQ '. + {"checkForUpdates":false, "analyticsEnabled":false, "settingsVersion":'$SettingsVersion'}' "$SettingFile" > "$TmpSettings" && cp "$TmpSettings" "$SettingFile"
    defaults write /Users/$usr/Library/Preferences/com.docker.docker.plist SUEnableAutomaticChecks 0
done

I use JQ to do this and install if it's not already installed. Note that the "settings version" is required for an upgrade to work properly.

With all of this in place, I have successfully deployed 3.3.3 and 3.4.0.

I found that the following command works well.

 /Applications/Docker.app/Contents/MacOS/Docker --install-privileged-components

my install script steps as root:

Curl down latest DMG
Mount dmg
ditto Docker.app to /Applications/Docker.app
unmount dmg
run the --install-privileged-components command.

I've tested as standard user and Docker launches and works as expected.

This guy @Chris_Potrebka knows what he's talking about

@Chris_Potrebka Does this work with upgrades as well?

Update: It works! Thank you so much, @Chris_Potrebka !

Happy to help!

This is how I discovered docker --install-privileged-components

I started poking around the Docker.app using strings to see if there was any hidden commands and while the docker binary didn't provide anything interesting, the DockerHelper.app revealed what I was hoping for. I found it with the following command.

% strings /Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app/Contents/MacOS/DockerHelper | grep install

which gave me:

LLVM Profile Warning: Unable to install an exit signal handler for %d (errno = %d).
installPrivilegedComponents
uninstall
--install-privileged-components
installPrivilegedComponents
uninstall

I then tested...

/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app/Contents/MacOS/DockerHelper --install-privileged-components

and it failed.

I then tested...

/Applications/Docker.app/Contents/MacOS/Docker --install-privileged-components

and it worked.

Just wanted to mention how perfect the --install-privileged-components command mentioned by @Chris_Potrebka was. Saved my day. You get an extra Kudos!

I'm not sure why Docker doesn't seem to document that from what I can tell. If it is documented, it's not easy to find. Though now that I know the term to search for, it seems to show up on a couple of threads on Docker's forum at least.

Just wanted to mention how perfect the --install-privileged-components command mentioned by @Chris_Potrebka was. Saved my day. You get an extra Kudos!

Thanks tones for the kudos! Greatly appreciated.

P.S. l've consolidated my Jamf accounts down to this my original one. 🙂

This seems broken again with the latest version of Docker:

Beginning on August 31, 2021, you must agree to the Docker Subscription Service Agreement to continue using Docker Desktop. Read the Blog and the Docker subscription FAQs to learn more about the changes.

Using the --install-privileged-components command doesn't bypass needing to accept the new Service Agreement.

Any thoughts?

I found that the following command works well.

 /Applications/Docker.app/Contents/MacOS/Docker --install-privileged-components

my install script steps as root:

Curl down latest DMG
Mount dmg
ditto Docker.app to /Applications/Docker.app
unmount dmg
run the --install-privileged-components command.

I've tested as standard user and Docker launches and works as expected.

@Chris_Potrebka THANK YOU! ❤️ it works perfectly!

Happy to help!

This is how I discovered docker --install-privileged-components

% strings /Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app/Contents/MacOS/DockerHelper | grep install

which gave me:

LLVM Profile Warning: Unable to install an exit signal handler for %d (errno = %d).
installPrivilegedComponents
uninstall
--install-privileged-components
installPrivilegedComponents
uninstall

I then tested...

/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app/Contents/MacOS/DockerHelper --install-privileged-components

and it failed.

I then tested...

/Applications/Docker.app/Contents/MacOS/Docker --install-privileged-components

and it worked.

Hi Chris,

Would you be willing to share your entire script?

Very interested in giving this a go!

My learned colleague has scripted this and has it working (for initial installs and updates) with the attached script. All users are not admins. Tested and working on Intel and Apple Silicon.

https://gist.github.com/SamStenton/716fb44fae9d59b320a4b92108af0beb

#!/bin/bash


if [[ `uname -m` == 'arm64' ]]; then
    # Apple Silicon
    echo 'Downloading Apple Silcon release'
    curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/arm64/Docker.dmg
else
    # Intel 
    echo 'Downloading Apple Intel release'
    curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/amd64/Docker.dmg
    # curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/amd64/72729/Docker.dmg #old version to test updating
fi


# Mount image 
hdiutil attach ~/Downloads/Docker.dmg

# Copy to Applcation folder
rm -rf /Applications/Docker.app # For updates remove the old app
cp -R /Volumes/Docker/Docker.app /Applications

# Install docker privilaged components
/Applications/Docker.app/Contents/MacOS/Docker --unattended --install-privileged-components


# Accept license (doesn't seem to be working)
open -a /Applications/Docker.app --args --unattended --accept-license

# Clean up.
echo 'Cleaning up'
hdiutil unmount /Volumes/Docker/Docker.app 
rm ~/Downloads/Docker.dmg

Happy to help!

This is how I discovered docker --install-privileged-components

% strings /Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app/Contents/MacOS/DockerHelper | grep install

which gave me:

LLVM Profile Warning: Unable to install an exit signal handler for %d (errno = %d).
installPrivilegedComponents
uninstall
--install-privileged-components
installPrivilegedComponents
uninstall

I then tested...

/Applications/Docker.app/Contents/Library/LoginItems/DockerHelper.app/Contents/MacOS/DockerHelper --install-privileged-components

and it failed.

I then tested...

/Applications/Docker.app/Contents/MacOS/Docker --install-privileged-components

and it worked.

Hi I am new to Jamf and trying to deploy Docker 4.7.1. I have tried using both execute command or just run as Sudo in terminal with this command and both are giving me error “Permission error” Running Docker Desktop as root is dangerous. Please run it as a regular user. If I run as regular user it requires me to enter my privilege password.

Appreciate if you can help.

My learned colleague has scripted this and has it working (for initial installs and updates) with the attached script. All users are not admins. Tested and working on Intel and Apple Silicon.

https://gist.github.com/SamStenton/716fb44fae9d59b320a4b92108af0beb

#!/bin/bash


if [[ `uname -m` == 'arm64' ]]; then
    # Apple Silicon
    echo 'Downloading Apple Silcon release'
    curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/arm64/Docker.dmg
else
    # Intel 
    echo 'Downloading Apple Intel release'
    curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/amd64/Docker.dmg
    # curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/amd64/72729/Docker.dmg #old version to test updating
fi


# Mount image 
hdiutil attach ~/Downloads/Docker.dmg

# Copy to Applcation folder
rm -rf /Applications/Docker.app # For updates remove the old app
cp -R /Volumes/Docker/Docker.app /Applications

# Install docker privilaged components
/Applications/Docker.app/Contents/MacOS/Docker --unattended --install-privileged-components


# Accept license (doesn't seem to be working)
open -a /Applications/Docker.app --args --unattended --accept-license

# Clean up.
echo 'Cleaning up'
hdiutil unmount /Volumes/Docker/Docker.app 
rm ~/Downloads/Docker.dmg

We've taken a bit of a different approach so as not to make it a live download. We are packaging the docker.dmg with a postinstall script that installs and configures based on the Docker docs. The only weird thing is I have to temporarily disable Gatekeeper or the install will fail:

#!/bin/bash

## based on Jamf Nation content:
# https://community.jamf.com/t5/jamf-pro/how-to-package-a-docker-installer-that-does-not-request-admin/m-p/199627

## Docker "Command-line" install
# https://docs.docker.com/desktop/install/mac-install/#install-from-the-command-line

# installed resources in /tmp/docker/*
dockerDMG="Docker.dmg"
mountName="Docker"
currentUser=$( /usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

#################
# NEED TO DISABLE GATEKEEPER TO INSTALL THIS WAY?!!? Yep. Wow.
/usr/sbin/spctl --master-disable
#################

/usr/bin/xattr -d com.apple.quarantine "/tmp/docker/${dockerDMG}"

echo "Mounting Docker DMG"
/usr/bin/hdiutil attach "/tmp/docker/${dockerDMG}"

echo "DMG attached at /Volumes/${mountName}"
echo
echo "Starting Docker installation"
"/Volumes/${mountName}/Docker.app/Contents/MacOS/install" --accept-license --user="$currentUser"
echo

echo "Setting permissions on Docker.app"
/usr/sbin/chown -R "$currentUser" "/Applications/Docker.app"

echo "Clearing Quarantine Flags"
/usr/bin/xattr -dr com.apple.quarantine /Applications/Docker.app

echo "Installing additional Docker components so users don't need admin rights"
"/Applications/Docker.app/Contents/MacOS/Docker" --install-privileged-components

## Cleanup
/usr/sbin/spctl --master-enable

/bin/echo "Starting cleanup"
echo "Unmounting $dockerDMG"
/usr/bin/hdiutil detach "/Volumes/$mountName"
sleep 5
echo "Removing temp files"
/bin/rm -rf /tmp/docker

exit 0

#!/bin/bash

## based on Jamf Nation content:
# https://community.jamf.com/t5/jamf-pro/how-to-package-a-docker-installer-that-does-not-request-admin/m-p/199627

## Docker "Command-line" install
# https://docs.docker.com/desktop/install/mac-install/#install-from-the-command-line

# installed resources in /tmp/docker/*
dockerDMG="Docker.dmg"
mountName="Docker"
currentUser=$( /usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

#################
# NEED TO DISABLE GATEKEEPER TO INSTALL THIS WAY?!!? Yep. Wow.
/usr/sbin/spctl --master-disable
#################

/usr/bin/xattr -d com.apple.quarantine "/tmp/docker/${dockerDMG}"

echo "Mounting Docker DMG"
/usr/bin/hdiutil attach "/tmp/docker/${dockerDMG}"

echo "DMG attached at /Volumes/${mountName}"
echo
echo "Starting Docker installation"
"/Volumes/${mountName}/Docker.app/Contents/MacOS/install" --accept-license --user="$currentUser"
echo

echo "Setting permissions on Docker.app"
/usr/sbin/chown -R "$currentUser" "/Applications/Docker.app"

echo "Clearing Quarantine Flags"
/usr/bin/xattr -dr com.apple.quarantine /Applications/Docker.app

echo "Installing additional Docker components so users don't need admin rights"
"/Applications/Docker.app/Contents/MacOS/Docker" --install-privileged-components

## Cleanup
/usr/sbin/spctl --master-enable

/bin/echo "Starting cleanup"
echo "Unmounting $dockerDMG"
/usr/bin/hdiutil detach "/Volumes/$mountName"
sleep 5
echo "Removing temp files"
/bin/rm -rf /tmp/docker

exit 0

Thank you! I will give this a try.

#!/bin/bash

## based on Jamf Nation content:
# https://community.jamf.com/t5/jamf-pro/how-to-package-a-docker-installer-that-does-not-request-admin/m-p/199627

## Docker "Command-line" install
# https://docs.docker.com/desktop/install/mac-install/#install-from-the-command-line

# installed resources in /tmp/docker/*
dockerDMG="Docker.dmg"
mountName="Docker"
currentUser=$( /usr/sbin/scutil <<< "show State:/Users/ConsoleUser" | awk '/Name :/ && ! /loginwindow/ { print $3 }' )

#################
# NEED TO DISABLE GATEKEEPER TO INSTALL THIS WAY?!!? Yep. Wow.
/usr/sbin/spctl --master-disable
#################

/usr/bin/xattr -d com.apple.quarantine "/tmp/docker/${dockerDMG}"

echo "Mounting Docker DMG"
/usr/bin/hdiutil attach "/tmp/docker/${dockerDMG}"

echo "DMG attached at /Volumes/${mountName}"
echo
echo "Starting Docker installation"
"/Volumes/${mountName}/Docker.app/Contents/MacOS/install" --accept-license --user="$currentUser"
echo

echo "Setting permissions on Docker.app"
/usr/sbin/chown -R "$currentUser" "/Applications/Docker.app"

echo "Clearing Quarantine Flags"
/usr/bin/xattr -dr com.apple.quarantine /Applications/Docker.app

echo "Installing additional Docker components so users don't need admin rights"
"/Applications/Docker.app/Contents/MacOS/Docker" --install-privileged-components

## Cleanup
/usr/sbin/spctl --master-enable

/bin/echo "Starting cleanup"
echo "Unmounting $dockerDMG"
/usr/bin/hdiutil detach "/Volumes/$mountName"
sleep 5
echo "Removing temp files"
/bin/rm -rf /tmp/docker

exit 0

Hi I tried the script and not sure what I am doing wrong but I still can’t get pass the issue I am getting when running docker - -install-privileged-components

i get a pop-up

”Permission erro”

Running Docker Desktop as root is dangerous. Please run it as a regular user.

thanks

Update: It works! Thank you so much, @Chris_Potrebka !

Hi desperately need help. Can I asked when you run this command with sudo, are you getting error it’s dangerous to run docker with root?

thanks

@Eric1115 did you get a fix for error you mentioned ?

Hi @Eric1115 or @AquibAS, were you able to bypass that root error you've mentioned?

I started getting tickets with the previous Docker install no longer working. I rewrote my script this morning with the following and it seems to be functioning just fine now. I am by no means a scripting pro but it does the job for me. Feel free to offer up any changes. I also did not write the original script, I made adjustments to the one we were using.

#!/bin/bash

if [[ `uname -m` == 'arm64' ]]; then
# Apple Silicon
echo 'Downloading Apple Silcon release'
curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/arm64/Docker.dmg
else
# Intel
echo 'Downloading Apple Intel release'
curl -o ~/Downloads/Docker.dmg https://desktop.docker.com/mac/main/amd64/Docker.dmg
fi

# Mount image
hdiutil attach ~/Downloads/Docker.dmg

# Copy to Applcation folder
rm -rf /Applications/Docker.app # For updates remove the old app
cp -R /Volumes/Docker/Docker.app /Applications
/Applications/Docker.app/Contents/MacOS/install --accept-license --user=$3

# Clean up.
echo 'Cleaning up'
hdiutil unmount /Volumes/Docker/Docker.app
rm ~/Downloads/Docker.dmg

#Configure Docker
cp -R /Applications/Docker.app/Contents/Resources/bin /Users/$3/.docker
ln -s -f /Users/$3/.docker/bin/docker /usr/local/bin
ln -s -f /Users/$3/.docker/run/docker.sock /var/run/docker.sock

Hi @themarkdad, for some reason, I am still having this stubborn issue with getting the --accept-license to work properly. Have you or anyone ever experienced that with your modified script?

Not that I have seen so far. I have had about 20 users run the install. My assumption is this was changed in the more current version of docker.

Did anything get adjusted script wise? Spaces added?

Thanks,

MARK CORUM | sr SYSTEMS ENGINEER

CELL : 402-213-7633

Mark.Corum@earlywarning.com

www.earlywarning.com<>

[signature_1859496312]

This email transmission may contain confidential and/or private information, which is the property of the sender. The information in this email or attachments thereto is intended for the attention and the use only of the addressee. If you are not the intended recipient, you are hereby notified that any disclosure, copying, or distribution of the contents of this email transmission, or the taking of any action in reliance thereon or pursuant thereto, is strictly prohibited. Should you have received this email in error, please contact the sender and delete and destroy all copies of the original message

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded