Whilst setting up docker on my local development machine the other day I encountered a permission problem. After installing docker I found that I had this permission problem that meant I couldn't run docker using my local user accounts. I was therefore forced to run docker as sudo, which I didn't want to do every time.
This is the error I was getting.
- $ docker run hello-world
- docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock:
- Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect:
- permission denied.
- See 'docker run --help'.
It turns out that docker have a section on their website dedicated to sorting out this issue. The steps involved in correcting this problem are as follows.
Create a docker group (it doesn't matter if this already exists).
sudo groupadd docker
Add your use to the docker group.
sudo usermod -aG docker $USER
In order for that change to take effect you need to log out and back on again.
If you have completed these steps and find that you are still having problems with the permissions error then you'll need to allow more access to the docker.sock file. This can be done using the following command.
sudo chmod 666 /var/run/docker.sock
After this, you can ensure that everything works correctly using the same command as before.
- $ docker run hello-world
- Hello from Docker!
- This message shows that your installation appears to be working correctly.
- To generate this message, Docker took the following steps:
- 1. The Docker client contacted the Docker daemon.
- 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
- 3. The Docker daemon created a new container from that image which runs the
- executable that produces the output you are currently reading.
- 4. The Docker daemon streamed that output to the Docker client, which sent it
- to your terminal.
- To try something more ambitious, you can run an Ubuntu container with:
- $ docker run -it ubuntu bash
- Share images, automate workflows, and more with a free Docker ID:
- For more examples and ideas, visit:
After seeing the above your docker instance should be ready to use.
I should note that there is a small security issue regarding the ability for non-trusted users to control your docker daemon. This only applies if a user is able to create a docker instance that uses / as the shared drive, which essentially gives that docker container full access to your hard drive. If this is a concern to you it is possible to use docker as it is out of the box by wrapping the 'sudo docker' command in an alias instead of giving group access to the group. Set up the alias like this.
alias docker='sudo docker'
By setting this in your bash profile file you are effectively running docker as sudo all the time, without having to type in the 'sudo' part. This doesn't always work, especially if your docker command is being run through a bash script as it won't have picked up the alias.