loading...

Docker without sudo

nabbisen profile image Heddi Nabbisen ・2 min read

Summary

Docker requires administrative privilege by default in some Linux distros.
Therefore, in their cases, "permission denied" happens when using docker subcommands.

$ docker pull centos:centos8
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/create?fromImage=centos&tag=centos8": dial unix /var/run/docker.sock: connect: permission denied

$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json": dial unix /var/run/docker.sock: connect: permission denied

$ docker build --tag image-name:version . -f ./some.dockerfile
ERRO[0000] failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: permission denied 
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/...": dial unix /var/run/docker.sock: connect: permission denied

They are solved by using sudo.
Well, so as not to use sudo frequently in development, it would be useful to let users be members of docker.


Reference

docs.docker.com says:

The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.


How-to

Here is how to do it. Replace "$MY_USER" with the real user name, please.

$ # check if docker group exists
$ cat /etc/group | grep docker
docker:x:***:
$ # if it doesn't, create with this command:
$ #sudo groupadd docker

$ # add the current user to docker group
$ sudo usermod -a -G docker $MY_USER
$ # validate it
$ cat /etc/group | grep docker
docker:x:***:$MY_USER

$ # logout, and login again
$ #xfce4-session-logout, gnome-session-quit, i3-msg exit, ...

Then, it might get more comfortable :)

$ docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

$ docker container ls
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES

Posted on Apr 16 '19 by:

nabbisen profile

Heddi Nabbisen

@nabbisen

An ICT designer/developer and a security monk. "With a cool brain and a warm heart", I am challenging unsolved problems in our society. I use OpenBSD/Rust/etc.

Discussion

markdown guide