I thought about what you said and I decided to try creating a homeassistant user and added it to the docker group. The homeassistant user does not have privileged access to system files or the administrative account. What do you think, is this a good way to go about it?
Installation on a clean Debian 12 system without editing /etc/docker/daemon.json
If you decide to follow this guidestrictly and by the book you wont need all these extra steps which consequences on the system’s security can not being overseen anymore.
Not following this guide for whatsoever reason is just clogging the thread with useless posts. Best is to simply open a new thread about your particular installation method.
Could you please clarify what you mean by “how to do it?” What problem are you talking about? If the problem is with curl: (6) Could not resolve host, then try rebooting Debian 12, sometimes that helps, if that doesn’t help, then try doing this post, it worked for me, and if that doesn’t help, then you can do the following
A simpler and cleaner way to resolve this issue you will find HERE.
I strongly advise you to not do the following:
The above “solution” by simply adding another user (homeassistant here) and assigning certain privileges to that user is a workaround at best.
If you really follow:
Section 1 - Install Debian 12, pharagraph 1.11)
and
Section 1 - Install Debian 12, pharagraph 1.16, Step 1.10),
and
Don’t miss this one (!): Pharagraph 1.17)
There will be no need to add that additional user “homeassistant”. Neither you will need to tamper with the permissions of the docker container.
Keep it nice and simple!
Probably caused by half baked knowledge about the security/privileges concept of *nix systems some users are just skipping Section 1, pharagraph 1.17 and simply continue the guide as the root-user without being aware of the consequences this might bring up!
cgroup errors are resolved by installing homeassistant-supervised.deb. The post install script takes care of it. Perhaps you didn’t follow the instructions.
And if you read (I mean really read, not just skimming through) the referring pharagraph you will notice that little:
before the execution of:
where this is done by being a “normal” (unprivileged) user and only temporarily root privileges are granted to the user/group to access system resources for executing those individual commands by prepending “sudo -i”.
If you are not familiar with the sudo command in Linux I recommend you to read through “Linux sudo commands for beginners” to get the idea why it is important to do adminitrative tasks as a non-privileged user whenever possible.
I had this happen on an install today. The install script sent a lot of DNS queries at once and triggered anti flood protection on the router (depending on your router settings). It filtered the client connection and stopped all DNS requests and hence " Could not resolve host: get.docker.com" error.
Simple fix was to reboot which clears the cache and it works again. Also making sure ipv6 is disabled. Something to look into if you have that issue as it worked for me.
For a possible solution to the dns-issue you might want to look HERE.
You should have given more attention to “Section 1 – Install Debian 12”, step 1.10, step 1.16, and step 1.17.
With this you would have continued “Section 2 - Install OS Agent, Docker and Dependencies” as that non-privileged user you have created with step 1.10 which in turn would most probably have saved you from these kind of privilege issues like “couldn’t be accesses by user '_apt”’ and “(13: Permission denied)”.