Summary
Docker requires administrative privilege by default on some Linux distros.
Therefore, in their cases, “permission denied” happens when using docker
subcommands.
$ docker pull centos:centos8
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/create?fromImage=centos&tag=centos8": dial unix /var/run/docker.sock: connect: permission denied
$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json": dial unix /var/run/docker.sock: connect: permission denied
$ docker build --tag image-name:version . -f ./some.dockerfile
ERRO[0000] failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: permission denied
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/...": dial unix /var/run/docker.sock: connect: permission denied
They are solved by using sudo
.
Well, so as not to use sudo
frequently in development, it would be useful to let users be members of docker
.
Reference
docs.docker.com says:
The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user
root
and other users can only access it usingsudo
. The Docker daemon always runs as theroot
user.If you don’t want to preface the
docker
command withsudo
, create a Unix group calleddocker
and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of thedocker
group.
How-to
Here is how to do it. Replace “$MY_USER” with the real user name, please.
Validate docker group exists
See your group list:
$ cat /etc/group | grep docker
docker:x:***:
When it isn’t found’t, create first:
$ #sudo groupadd docker
Add the current user to docker group
Invite your user to docker
group:
$ sudo usermod -a -G docker $MY_USER
Validate:
$ cat /etc/group | grep docker
docker:x:***:$MY_USER
Logout, and login again
With GUI or runnning some command-line such as:
$ #exec: xfce4-session-logout, gnome-session-quit, i3-msg exit, ...
Conclusion
After all, it might get more comfortable, because the command-lines which failed will be successful :)
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES