loading...

Manage Docker as a non-root user

serhatteker profile image Serhat Teker Originally published at tech.serhatteker.com on ・1 min read

By default when you install Docker on Linux, you can only access the Docker daemon as the root user, or by using sudo. Since the Docker daemon binds to a Unix socket instead of a TCP port. And by default that Unix socket is owned by the user root.

Yes, typing sudo all the time could be irritating. And sure, there is a solution for this issue but you should be very cautious when using it. Another warning: Never. Ever. Use this shortcut method in a production server.

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.

However this docker group grants privileges equivalent to the root user. So this is the main reason for warnings. For more details on how this impacts security in your system, see Docker Daemon Attack Surface from official Docker website.

OK, if you are sure about the risks and confirm it, let's continue:

  1. Add the docker group:

    $   sudo groupadd docker
    
  2. Add the connected user $USER to the docker group. Change the user name to match your preferred user if you do not want to use your current user:

    $   sudo gpasswd -a $USER docker
    
  3. Either do

    $ newgrp docker
    

    or log out and log in to activate the changes to groups.

  4. You can now run docker deamon without sudo prefix. To test it:

   $    docker ps -a

Discussion

pic
Editor guide