Bug: sudo docker login changes .docker/config.json permissions

[dindurthy]

Description
I think this is a bug. It's at least a change in behavior. Recently upgraded docker-for-mac, and now sudo docker login is changing permissions on the config file.

Steps to reproduce the issue:

1. Install docker. Example config.json:

-rw-------  1 dindurthy  staff  377 Nov  4 15:01 config.json
-rw-r--r--@ 1 dindurthy  staff   48 Jul 10 11:06 daemon.json

2. sudo docker login

Describe the results you received:

-rw-------  1 root       staff  414 Nov  5 09:01 config.json
-rw-r--r--@ 1 dindurthy  staff   48 Jul 10 11:06 daemon.json

Describe the results you expected:

-rw-------  1 dindurthy  staff  377 Nov  4 15:01 config.json
-rw-r--r--@ 1 dindurthy  staff   48 Jul 10 11:06 daemon.json

Additional information you deem important (e.g. issue happens only occasionally):
Thereafter, running almost any docker command outputs an error message, although I haven't run into an issue where it wasn't benign:

dindurthy:~/.docker $ docker --version
WARNING: Error loading config file: /Users/dindurthy/.docker/config.json: open /Users/dindurthy/.docker/config.json: permission denied
Docker version 19.03.4, build 9013bf5

Output of docker version:

dindurthy:~/.docker $ docker --version
WARNING: Error loading config file: /Users/dindurthy/.docker/config.json: open /Users/dindurthy/.docker/config.json: permission denied
Docker version 19.03.4, build 9013bf5

Output of docker info:

dindurthy:~/.docker $ docker info
WARNING: Error loading config file: /Users/dindurthy/.docker/config.json: open /Users/dindurthy/.docker/config.json: permission denied
Client:
 Debug Mode: false

Server:
 Containers: 124
  Running: 0
  Paused: 0
  Stopped: 124
 Images: 164
 Server Version: 19.03.4
 Storage Driver: overlay2
  Backing Filesystem: extfs
  Supports d_type: true
  Native Overlay Diff: true
 Logging Driver: json-file
 Cgroup Driver: cgroupfs
 Plugins:
  Volume: local
  Network: bridge host ipvlan macvlan null overlay
  Log: awslogs fluentd gcplogs gelf journald json-file local logentries splunk syslog
 Swarm: inactive
 Runtimes: runc
 Default Runtime: runc
 Init Binary: docker-init
 containerd version: b34a5c8af56e510852c35414db4c1f4fa6172339
 runc version: 3e425f80a8c931f88e6d94a8c831b9d5aa481657
 init version: fec3683
 Security Options:
  seccomp
   Profile: default
 Kernel Version: 4.9.184-linuxkit
 Operating System: Docker Desktop
 OSType: linux
 Architecture: x86_64
 CPUs: 12
 Total Memory: 15.65GiB
 Name: docker-desktop
 ID: HHZP:6YWW:2AHK:YCC7:KJRV:N24V:VPR5:P4HF:KVMR:JY2G:PBTA:J7EU
 Docker Root Dir: /var/lib/docker
 Debug Mode: true
  File Descriptors: 37
  Goroutines: 47
  System Time: 2019-11-05T17:03:41.6028698Z
  EventsListeners: 2
 HTTP Proxy: gateway.docker.internal:3128
 HTTPS Proxy: gateway.docker.internal:3129
 Registry: https://index.docker.io/v1/
 Labels:
 Experimental: false
 Insecure Registries:
  127.0.0.0/8
 Live Restore Enabled: false
 Product License: Community Engine

Additional environment details (AWS, VirtualBox, physical, etc.):

[cpuguy83]

sudo is elevating privileges to root, the file will be written by whatever user executed it.
There is no way for the docker CLI to know that it shouldn't write as root.

Perhaps it could detect existing file settings and warn if permissions are going to change?

[thaJeztah]

Created docker/cli#2228 to copy ownership and permissions from the original file. Not really pretty, but looks to do the job

[thaJeztah]

this is fixed on master by docker/cli#2228 (not yet in a release)