Home Docker How To Run Docker As Non-root User In Linux

How To Run Docker As Non-root User In Linux

By sk
Published: Last Updated on 20.8K views

Installing Docker on Ubuntu is very easy! Anyone, even the newbies, can install it within 15 minutes. After installed Docker, I noticed that I couldn't perform most Docker operations as a normal user. I had to run Docker either as "root" user or with "sudo" permission every time. Whenever I tried to run Docker as non-root user or without sudo permission, I get the following error:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/version: dial unix /var/run/docker.sock: connect: permission denied

For instance, I wanted to check the Docker version as normal user using command:

$ docker version

And, I get this error message:

Client: Docker Engine - Community
Version: 19.03.8
API version: 1.40
Go version: go1.12.17
Git commit: afacb8b7f0
Built: Wed Mar 11 01:25:46 2020
OS/Arch: linux/amd64
Experimental: false
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/version: dial unix /var/run/docker.sock: connect: permission denied

But when I run the same command with sudo permission;

$ sudo docker version

It displays the whole details of the currently installed Docker version as shown in the below output.

Client: Docker Engine - Community
 Version:           19.03.8
 API version:       1.40
 Go version:        go1.12.17
 Git commit:        afacb8b7f0
 Built:             Wed Mar 11 01:25:46 2020
 OS/Arch:           linux/amd64
 Experimental:      false

Server: Docker Engine - Community
 Engine:
  Version:          19.03.8
  API version:      1.40 (minimum version 1.12)
  Go version:       go1.12.17
  Git commit:       afacb8b7f0
  Built:            Wed Mar 11 01:24:19 2020
  OS/Arch:          linux/amd64
  Experimental:     false
 containerd:
  Version:          1.2.13
  GitCommit:        7ad184331fa3e55e52b890ea95e65ba581ae3429
 runc:
  Version:          1.0.0-rc10
  GitCommit:        dc9208a3303feef5b3839f4323d9beb36df0a9dd
 docker-init:
  Version:          0.18.0
  GitCommit:        fec3683
Got permission denied while trying to connect to the Docker daemon socket at unix
Error - Got permission denied while trying to connect to the Docker daemon socket at unix

After searching in the Docker documentation page, I realized that the Docker daemon binds to a Unix socket instead of a TCP port by default. Since that Unix socket is owned by the root user, the Docker daemon will only run as the root user. Hence, the normal users can't perform most Docker commands.

If you want to run Docker as non-root user in Linux, you need to do the following steps. I tested this on Ubuntu 18.04 server and it worked just fine! It should also work on other Linux distributions as well.

Important Warning:

Running Docker as regular user is not a good idea for security. I personally do not use this and do not recommend it as well. If it is your personal system and you don't expose your system to Internet, it is not a big deal. However, do not run Docker as non-root user in a production system.

Run Docker As Non-root User In Linux

To fix the Docker permission denied error and use Docker as non-root user, create a group called "docker" with the following command:

$ sudo groupadd docker

Next, add your user to the docker group:

$ sudo usermod -aG docker $USER

After adding the user to the docker group, log out and log back in to take effect the changes.

Alternatively, run the following command to apply the changes to groups:

$ newgrp docker

From now on, the normal (non-root) user can be able to use Docker without sudo permissions.

Let me run the following commands as normal user:

$ docker version
$ docker run hello-world

Sample output:

Run Docker As Non-root User In Linux
Run Docker As Non-root User In Linux

See? I can now run those both Docker commands without sudo permission.

Just in case, you already ran a few Docker commands with 'sudo' permission before adding your user to the Docker group, you will probably see an error something like below.

WARNING: Error loading config file: /home/user/.docker/config.json -
stat /home/user/.docker/config.json: permission denied

The above error message indicates that your ~/.docker/ directory was created with incorrect permissions due to the 'sudo' commands.

To fix this problem, change this directory ownership and permissions using the following commands:

$ sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
$ sudo chmod g+rwx "$HOME/.docker" -R

Log out and log back in for this to take effect.

If it still doesn't fix the issue, you might need to remove your ~/.docker/ directory. It will be recreated automatically, but you will lose all custom settings, if there are any.

Resource:

You May Also Like

3 comments

Tobin Davis April 11, 2020 - 6:20 am

The problem with this is that it can potentially expose your system to root access. Simply run ‘docker run -it -v /:/opt/host debian bash’ and you can read/write to any file as root through /opt/host inside of your docker container. On a personal system, this isn’t too big of a problem, but in a managed user environment where you don’t want users to have root access or access to private information of other users (ssh keys for example), this can be a big issue.

Reply
sk April 11, 2020 - 11:39 am

Agreed.

Reply
DrMartinus January 13, 2021 - 9:26 pm

Are there alternatives to a secure user-only docker access without the risk of opening the server to them?

Reply

Leave a Comment

* By using this form you agree with the storage and handling of your data by this website.

This site uses Akismet to reduce spam. Learn how your comment data is processed.

This website uses cookies to improve your experience. By using this site, we will assume that you're OK with it. Accept Read More