Could not change group /var/run/docker.sock to docker: group docker not found

Good afternoon!
I can’t figure out anything with plugins/docker, help me…

I saw this post, checked everything, found no problems.
http://discuss.harness.io/t/cannot-connect-to-the-docker-daemon-at-unix-var-run-docker-sock-is-the-docker-daemon-running/4071

I use:

Docker version 20.10.8, build 3967b7d

launch the Drone via compose:

version: '3'
services:
  drone-server:
    image: drone/drone
    ports:
      - 8080:80
      - 8843:443
      - 9000
    volumes:
      - ./drone:/var/lib/drone/
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_OPEN=true
      - DRONE_SERVER_HOST=drone-server
      - DRONE_SERVER_PROTO=http
      - DRONE_DEBUG=true
      - DRONE_GIT_ALWAYS_AUTH=false
      - DRONE_GOGS=true
      - DRONE_GOGS_SKIP_VERIFY=false
      - DRONE_GOGS_SERVER=http://10.133.132.21:3000
      - DRONE_PROVIDER=gogs
      - DRONE_DATABASE_DATASOURCE=/var/lib/drone/drone.sqlite
      - DRONE_DATABASE_DRIVER=sqlite3
      - DRONE_RPC_SECRET=ALQU2M0KdptXUdTPKcEw
      - DRONE_SECRET=ALQU2M0KdptXUdTPKcEw
      - DRONE_AGENTS_ENABLED=true


  drone-runner:
    image: drone/drone-runner-docker
    restart: always
    ports:
      - 3001:3000
    depends_on:
      - drone-server
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock
    environment:
      - DRONE_RPC_HOST=drone-server
      - DRONE_RPC_PROTO=http
      - DRONE_RPC_SECRET=ALQU2M0KdptXUdTPKcEw
      - DRONE_RUNNER_NAME=drone-runner
      - DRONE_RUNNER_CAPACITY=2
      - DRONE_DEBUG=true
      - DRONE_TRACE=true
      - DRONE_RUNNER_PRIVILEGED_IMAGES=plugins/docker
      - DRONE_UI_USERNAME=root
      - DRONE_UI_PASSWORD=root

.drone.yml :

kind: pipeline
type: docker
name: linux

platform:
  os: linux
  arch: amd64

steps:
  - name : publish
    image: plugins/docker
    settings:
      debug: true
      repo: registry.loc/git/test
      registry: registry.loc
      insecure: true
      privileged: true
      add_host:
        - registry.loc:10.133.132.21
      tags:
        - 1.0.1
        - latest

I see that the file /var/run/socket.sock is in drone-runner-docker.
but now it is not in plugins/docker.

and I get the following error:

latest: Pulling from plugins/docker
Digest: sha256:ac5176110e7378320447551854a12aefdfb757dda1e59d29cecae7f1e729e0a6
Status: Image is up to date for plugins/docker:latest
+ /usr/local/bin/dockerd --data-root /var/lib/docker --host=unix:///var/run/docker.sock --insecure-registry registry.loc
time="2021-09-07T13:04:36.602010898Z" level=info msg="Starting up"
time="2021-09-07T13:04:36.605405506Z" level=warning msg="could not change group /var/run/docker.sock to docker: group docker not found"
time="2021-09-07T13:04:36.610259892Z" level=info msg="libcontainerd: started new containerd process" pid=29
time="2021-09-07T13:04:36.610388628Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2021-09-07T13:04:36.610446403Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2021-09-07T13:04:36.610514816Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0  <nil>}] <nil>}" module=grpc
time="2021-09-07T13:04:36.610571050Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2021-09-07T13:04:36.655575079Z" level=info msg="starting containerd" revision=7ad184331fa3e55e52b890ea95e65ba581ae3429 version=v1.2.13 
time="2021-09-07T13:04:36.656577115Z" level=info msg="loading plugin "io.containerd.content.v1.content"..." type=io.containerd.content.v1 
time="2021-09-07T13:04:36.657369618Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.btrfs"..." type=io.containerd.snapshotter.v1 
time="2021-09-07T13:04:36.657963310Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.btrfs" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" 
time="2021-09-07T13:04:36.658022563Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.aufs"..." type=io.containerd.snapshotter.v1 
time="2021-09-07T13:04:36.678764041Z" level=warning msg="failed to load plugin io.containerd.snapshotter.v1.aufs" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1" 
time="2021-09-07T13:04:36.678907305Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.native"..." type=io.containerd.snapshotter.v1 
time="2021-09-07T13:04:36.679210412Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.overlayfs"..." type=io.containerd.snapshotter.v1 
time="2021-09-07T13:04:36.679818099Z" level=info msg="loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1 
time="2021-09-07T13:04:36.680345074Z" level=info msg="skip loading plugin "io.containerd.snapshotter.v1.zfs"..." type=io.containerd.snapshotter.v1 
time="2021-09-07T13:04:36.680387777Z" level=info msg="loading plugin "io.containerd.metadata.v1.bolt"..." type=io.containerd.metadata.v1 
time="2021-09-07T13:04:36.680601885Z" level=warning msg="could not use snapshotter btrfs in metadata plugin" error="path /var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.btrfs must be a btrfs filesystem to be used with the btrfs snapshotter" 
time="2021-09-07T13:04:36.680641334Z" level=warning msg="could not use snapshotter aufs in metadata plugin" error="modprobe aufs failed: "ip: can't find device 'aufs'\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n": exit status 1" 
time="2021-09-07T13:04:36.680680873Z" level=warning msg="could not use snapshotter zfs in metadata plugin" error="path 
/var/lib/docker/containerd/daemon/io.containerd.snapshotter.v1.zfs must be a zfs filesystem to be used with the zfs snapshotter: skip plugin" 
time="2021-09-07T13:04:36.796173535Z" level=info msg="loading plugin "io.containerd.differ.v1.walking"..." type=io.containerd.differ.v1 
time="2021-09-07T13:04:36.796269630Z" level=info msg="loading plugin "io.containerd.gc.v1.scheduler"..." type=io.containerd.gc.v1 
time="2021-09-07T13:04:36.796967826Z" level=info msg="loading plugin "io.containerd.service.v1.containers-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797036292Z" level=info msg="loading plugin "io.containerd.service.v1.content-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797113556Z" level=info msg="loading plugin "io.containerd.service.v1.diff-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797168169Z" level=info msg="loading plugin "io.containerd.service.v1.images-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797229947Z" level=info msg="loading plugin "io.containerd.service.v1.leases-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797294844Z" level=info msg="loading plugin "io.containerd.service.v1.namespaces-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797372113Z" level=info msg="loading plugin "io.containerd.service.v1.snapshots-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.797431921Z" level=info msg="loading plugin "io.containerd.runtime.v1.linux"..." type=io.containerd.runtime.v1 
time="2021-09-07T13:04:36.797979716Z" level=info msg="loading plugin "io.containerd.runtime.v2.task"..." type=io.containerd.runtime.v2 
time="2021-09-07T13:04:36.798325542Z" level=info msg="loading plugin "io.containerd.monitor.v1.cgroups"..." type=io.containerd.monitor.v1 
time="2021-09-07T13:04:36.799420111Z" level=info msg="loading plugin "io.containerd.service.v1.tasks-service"..." type=io.containerd.service.v1 
time="2021-09-07T13:04:36.799505885Z" level=info msg="loading plugin "io.containerd.internal.v1.restart"..." type=io.containerd.internal.v1 
time="2021-09-07T13:04:36.799642186Z" level=info msg="loading plugin "io.containerd.grpc.v1.containers"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.799701861Z" level=info msg="loading plugin "io.containerd.grpc.v1.content"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.799754960Z" level=info msg="loading plugin "io.containerd.grpc.v1.diff"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.799866468Z" level=info msg="loading plugin "io.containerd.grpc.v1.events"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.799920357Z" level=info msg="loading plugin "io.containerd.grpc.v1.healthcheck"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.799974745Z" level=info msg="loading plugin "io.containerd.grpc.v1.images"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.800028917Z" level=info msg="loading plugin "io.containerd.grpc.v1.leases"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.800083025Z" level=info msg="loading plugin "io.containerd.grpc.v1.namespaces"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.800137600Z" level=info msg="loading plugin "io.containerd.internal.v1.opt"..." type=io.containerd.internal.v1 
time="2021-09-07T13:04:36.800738977Z" level=info msg="loading plugin "io.containerd.grpc.v1.snapshots"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.800858858Z" level=info msg="loading plugin "io.containerd.grpc.v1.tasks"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.800915765Z" level=info msg="loading plugin "io.containerd.grpc.v1.version"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.800969134Z" level=info msg="loading plugin "io.containerd.grpc.v1.introspection"..." type=io.containerd.grpc.v1 
time="2021-09-07T13:04:36.801546279Z" level=info msg=serving... address="/var/run/docker/containerd/containerd-debug.sock" 
time="2021-09-07T13:04:36.801931445Z" level=info msg=serving... address="/var/run/docker/containerd/containerd.sock" 
time="2021-09-07T13:04:36.802015260Z" level=info msg="containerd successfully booted in 0.148245s" 
time="2021-09-07T13:04:36.817284301Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2021-09-07T13:04:36.817332339Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2021-09-07T13:04:36.817368708Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0  <nil>}] <nil>}" module=grpc
time="2021-09-07T13:04:36.817392217Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2021-09-07T13:04:36.818981223Z" level=info msg="parsed scheme: \"unix\"" module=grpc
time="2021-09-07T13:04:36.819021018Z" level=info msg="scheme \"unix\" not registered, fallback to default scheme" module=grpc
time="2021-09-07T13:04:36.819053450Z" level=info msg="ccResolverWrapper: sending update to cc: {[{unix:///var/run/docker/containerd/containerd.sock 0  <nil>}] <nil>}" module=grpc
time="2021-09-07T13:04:36.819081376Z" level=info msg="ClientConn switching balancer to \"pick_first\"" module=grpc
time="2021-09-07T13:04:36.872246681Z" level=warning msg="Your kernel does not support cgroup blkio weight"
time="2021-09-07T13:04:36.872308154Z" level=warning msg="Your kernel does not support cgroup blkio weight_device"
time="2021-09-07T13:04:36.872674425Z" level=info msg="Loading containers: start."
time="2021-09-07T13:04:36.897703969Z" level=warning msg="Running modprobe bridge br_netfilter failed with message: ip: can't find device 'bridge'\nbridge                204800  1 br_netfilter\nstp                    16384  1 bridge\nllc                    16384  2 bridge,stp\nip: can't find device 'br_netfilter'\nbr_netfilter           24576  0 \nbridge                204800  1 br_netfilter\nmodprobe: can't change directory to '/lib/modules': No such file or directory\n, error: exit status 1"
time="2021-09-07T13:04:36.901094956Z" level=warning msg="Running iptables --wait -t nat -L -n failed with message: `modprobe: can't change directory to '/lib/modules': No such file or directory\niptables v1.8.3 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)\nPerhaps iptables or your kernel needs to be upgraded.`, error: exit status 3"
time="2021-09-07T13:04:36.967733272Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=moby
time="2021-09-07T13:04:36.967878131Z" level=info msg="stopping healthcheck following graceful shutdown" module=libcontainerd
time="2021-09-07T13:04:36.968022288Z" level=info msg="stopping event stream following graceful shutdown" error="context canceled" module=libcontainerd namespace=plugins.moby
failed to start daemon: Error initializing network controller: error obtaining controller instance: failed to create NAT chain DOCKER: iptables failed: iptables -t nat -N DOCKER: modprobe: can't change directory to '/lib/modules': No such file or directory
iptables v1.8.3 (legacy): can't initialize iptables table `nat': Table does not exist (do you need to insmod?)
Perhaps iptables or your kernel needs to be upgraded.
 (exit status 3)
Unable to reach Docker Daemon after 15 attempts.
Registry credentials or Docker config not provided. Guest mode enabled.
+ /usr/local/bin/docker version
Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:22:56 2020
 OS/Arch:           linux/amd64
 Experimental:      false
Cannot connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
time="2021-09-07T13:04:52Z" level=fatal msg="exit status 1"

I found a solution that helped me,
it is necessary to prescribe:

DRONE_RUNNER_VOLUMES=/var/run/docker.sock:/var/run/docker.sock

I’ve encountered the same issue, DRONE_RUNNER_VOLUMES did fix it.

However, from the documentation, DRONE_RUNNER_VOLUMES will be mounted into every pipeline step, is there any security concerns?