Summary
Docker requires administrative privilege by default on some Linux distros.
Therefore, in their cases, “permission denied” happens when using docker subcommands.
$ docker pull centos:centos8
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/create?fromImage=centos&tag=centos8": dial unix /var/run/docker.sock: connect: permission denied
$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json": dial unix /var/run/docker.sock: connect: permission denied
$ docker build --tag image-name:version . -f ./some.dockerfile
ERRO[0000] failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: permission denied
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/...": dial unix /var/run/docker.sock: connect: permission denied
They are solved by using sudo.
Well, so as not to use sudo frequently in development, it would be useful to let users be members of docker.
Reference
docs.docker.com says:
The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user
rootand other users can only access it usingsudo. The Docker daemon always runs as therootuser.If you don’t want to preface the
dockercommand withsudo, create a Unix group calleddockerand add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of thedockergroup.
How-to
Here is how to do it. Replace “$MY_USER” with the real user name, please.
Validate docker group exists
See your group list:
$ cat /etc/group | grep docker
docker:x:***:
When it isn’t found’t, create first:
$ #sudo groupadd docker
Add the current user to docker group
Invite your user to docker group:
$ sudo usermod -a -G docker $MY_USER
Validate:
$ cat /etc/group | grep docker
docker:x:***:$MY_USER
Logout, and login again
With GUI or runnning some command-line such as:
$ #exec: xfce4-session-logout, gnome-session-quit, i3-msg exit, ...
Conclusion
After all, it might get more comfortable, because the command-lines which failed will be successful :)
$ docker image ls
REPOSITORY TAG IMAGE ID CREATED SIZE
$ docker container ls
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES