How solve permission problems for docker in ubuntu?
Solution 1
Add the docker group if it doesn't already exist.
$ sudo groupadd docker
Add the connected user ${USER}
to the docker group. Change the user name to match your preferred user.
$ sudo gpasswd -a ${USER} docker
Restart the Docker daemon:
$ sudo service docker restart # Or docker.io for older versions
# 18.04+ with snap:
$ sudo systemctl restart snap.docker.dockerd
You should log out and log in again to update group permissions. To avoid that, you can switch to a subshell as follows. Or use any of the other tricks mentioned in this question:
su - $USER
Solution 2
If you're running CentOS or RedHat, you might have to disable SELinux first by running:
setenforce 0
Eiter restart afterwards to reenable SELinux or run setenforce 1
.
Solution 3
I had the same problem, due to selinux. You can check if selinux is the culprit by:
- Disabling selinux:
setenforce 0
- Retrying
If disabling selinux solved your problem, it's not a reason to leave it disabled:
- Enable selinux:
setenforce 1
- Allow the socket connection in the selinux configuration:
setsebool docker_connect_any true
- Run your Docker container with the
--priviledged
option
Solution 4
I assume, your username is already in docker group. To check this, issue below command.
id -nG
If not you need to add your user into the docker group by below command.
sudo groupadd docker
sudo usermod -aG docker $USER
When you execute the command, sudo systemctl start docker
, it creates a docker process. That docker process contains dockerd
daemon thread. The command also creates default docker.sock
Unix socket. The docker.sock
socket is continuously listened by dockerd
daemon thread. This makes you can do kernel-level IPC with docker.pid
process. To be able to use this docker socket, you need to have proper permission from the process level (docker.pid
) and file level (docker.sock
). So, executing below two commands should solve your issue.
sudo chmod a+rwx /var/run/docker.sock # You can provide just execute permission
sudo chmod a+rwx /var/run/docker.pid
Solution 5
By current version we do not need add the group docker
.
It is exist automatically by the installation. You may check using the command:
$ sudo groupadd docker
groupadd: group 'docker' already exists
So in order to manage Docker as a non-root user, just add your user to the docker group then log out and log back in so that your group membership is re-evaluated:
$ sudo usermod -aG docker $USER
$ logout
To check it when you log back in
$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
You may even force to use GROUP:docker
as your new primary group:
$ sudo chown "$USER":"docker" /home/"$USER"/.docker -R
$ sudo chmod g+rwx "$HOME/.docker" -R
$ sudo usermod -g docker ${USER}
$ logout
To check it when you log back in
$ id
uid=1001(<user_name>) gid=999(docker) groups=999(docker),...
Related videos on Youtube
Cherry
Updated on September 18, 2022Comments
-
Cherry over 1 year
I have installed docker as described here. I use Ubuntu Trusty 14.04 (LTS) (64-bit). Everything during installation was well. Also command
$ sudo docker run -i -t ubuntu /bin/bash
completes well (after I typed "exit" in opened console. But when I tryin to do something else I get "permission denied". For example:`$ sudo docker run -d -P training/webapp python app.py`
Reuslts in
Post http:///var/run/docker.sock/v1.12/containers/create: dial unix /var/run/docker.sock: permission denied
` docker info`
Reuslts in
Get http:///var/run/docker.sock/v1.12/info: dial unix /var/run/docker.sock: permission denied
How to solve this? I googled about the problem but I can not find a solution for my case.
-
obsoleter about 9 yearsI had to reboot to get this to take effect.
-
Ajay Gautam over 8 yearsDon't have to reboot, just logout and login.
-
Darth Egregious over 8 yearsLogout did it, even when
exec $SHELL
did not. I'm interested to know by which mechanism logging out resolved the issue. This isn't windows! -
Junior Mayhé almost 7 yearsIn Fedora, first you must edit
/etc/selinux/config
and putSELINUX=disabled
, then reboot Linux -
code_dredd almost 6 yearsYou can also run
newgrp docker $USER
to enter the newly added group without having to restart a new session, though this is usually a more temporary solution if you have lots of things going on. -
Francis Rodrigues about 5 yearsGreat explanation! You're the best! :)
-
Onkeltem over 2 yearsWhy can't they just get it fixed now in 2022? It's a joke...