How to fix docker: Got permission denied issue


Translate

I installed Docker in my machine where I have Ubuntu OS. After than I installed docker, when I run

sudo docker run hello-world

All it's ok, but I want to hide the word sudo to make more short the command.

If I write the command without the word sudo

docker run hello-world

That display the following:

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.See 'docker run --help'.

It's happened the same when I try to make

docker-compose up

How can I resolve this?



All Answers
  • Translate

    If you want to run docker as non-root user then you need to add it to the docker group.

    1. Create the docker group.
    $ sudo groupadd docker
    
    1. Add your user to the docker group.
    $ sudo usermod -aG docker $USER
    
    1. Logout and login again and run.
    $ docker run hello-world
    

    Taken from the docker official documentation: manage-docker-as-a-non-root-user


  • Translate

    After an upgrade I got the permission denied. Doing the steps of 'mkb' post install steps don't have change anything because my user was already in the 'docker' group; I retry-it twice any way without success.

    After an search hour this following solution finaly worked :

    sudo chmod 666 /var/run/docker.sock
    

    Solution came from Olshansk.

    Look like the upgrade have recreate the socket without enough permission for the 'docker' group.

    Problems

    This hard chmod open security hole and after each reboot, this error start again and again and you have to re-execute the above command each time. I want a solution once and for all. For that you have two problems :

    • 1) Problem with SystemD : The socket will be create only with owner 'root' and group 'root'.

      You can check this first problem with this command :

      ls -l /lib/systemd/system/docker.socket
      

      If every this is good, you should see 'root/docker' not 'root/root'.

    • 2 ) Problem with graphical Login : https://superuser.com/questions/1348196/why-my-linux-account-only-belongs-to-one-group

      You can check this second problem with this command :

      groups
      

      If everything is correct you should see the docker group in the list. If not try the command

      sudo su $USER  -c groups
      

      if you see then the docker group it is because of the bug.

    Solutions

    If you manage to to get a workaround for the graphical login, this should do the job :

    sudo chgrp docker /lib/systemd/system/docker.socket
    sudo chmod g+w /lib/systemd/system/docker.socket
    

    But If you can't manage this bug, a not so bad solution could be this :

    sudo chgrp $USER /lib/systemd/system/docker.socket
    sudo chmod g+w /lib/systemd/system/docker.socket
    

    This work because you are in a graphical environnement and probably the only user on your computer. In both case you need a reboot (or an sudo chmod 666 /var/run/docker.sock)


  • Translate
    1. add docker group
    $ sudo groupadd docker
    
    1. add your current user to docker group
    $ sudo usermod -aG docker $USER
    

    3.switch session to docker group

    $newgrp - docker
    
    1. run
    $docker run hello-world
    

  • Translate
    1. Add current user to docker group
    sudo usermod -aG docker $USER
    
    1. Change the permissions of docker socket to be able to connect to the docker daemon /var/run/docker.sock
    sudo chmod 666 /var/run/docker.sock
    

  • Translate

    I solve this error with the command :

    $ sudo chmod 666 /var/run/docker.sock
    

  • Translate

    use this command

    sudo usermod -aG docker $USER
    

    then restart your computer this worked for me.


  • Translate

    lightdm and kwallet ship with a bug that seems to not pass the supplementary groups at login. To solve this, I also, beside sudo usermod -aG docker $USER, had to comment out

    auth optional pam_kwallet.so
    auth optional pam_kwallet5.so
    

    to

    #auth optional pam_kwallet.so
    #auth optional pam_kwallet5.so
    

    in /etc/pam.d/lightdm before rebooting, for the docker-group to actually have effect.

    bug: https://bugs.launchpad.net/lightdm/+bug/1781418 and here: https://bugzilla.redhat.com/show_bug.cgi?id=1581495


  • Translate

    To fix that issue, I searched where is my docker and docker-compose installed. In my case, docker was installed in /usr/bin/docker and docker-compose was installed in /usr/local/bin/docker-compose path. Then, I write this in my terminal:

    To docker:

    sudo chmod +x /usr/bin/docker
    

    To docker-compose:

    sudo chmod +x /usr/local/bin/docker-compose
    

    Now I don't need write in my commands docker the word sudo

    /***********************************************************************/

    ERRATA:

    The best solution of this issue was commented by @mkasberg. I quote comment:

    That might work, you might run into issues down the road. Also, it's a security vulnerability. You'd be better off just adding yourself to the docker group, as the docs say. sudo groupadd docker, sudo usermod -aG docker $USER. Docs: https://docs.docker.com/install/linux/linux-postinstall/

    Thanks a lot!


  • Translate

    Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json: dial unix /var/run/docker.sock: connect: permission denied

    sudo chmod 666 /var/run/docker.sock
    

    This fix my problem.