Information
You should verify that the TLS CA certificate file (the file that is passed along with the --tlscacert parameter) is individually owned and group owned by root.
Rationale:
The TLS CA certificate file should be protected from any tampering. It is used to authenticate the Docker server based on a given CA certificate. It must be therefore be individually owned and group owned by root to ensure that it cannot be modified by less privileged users.
Impact:
None.
Solution
You should execute the following command:
chown root:root <path to TLS CA certificate file>
This sets the individual ownership and group ownership for the TLS CA certificate file to root.
Default Value:
By default, the ownership and group-ownership for TLS CA certificate file is correctly set to root.