Is it possible to use docker without sudo?
If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
Warning:
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
If you still want to run docker without sudo:
- Add the docker group if it doesn't already exist:
  sudo groupadd docker
- Add the connected user "$USER" to the docker group. Change the user name to match your preferred user if you do not want to use your current user:
  sudo usermod -aG docker $USER
- Either do a newgrp docker or log out/in to activate the changes to groups (if testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect).
- You can use docker run hello-world to check if you can run docker without sudo.
PS:
If you initially ran Docker CLI commands using sudo before adding your user to the docker group, you may see the following error, which indicates that your ~/.docker/ directory was created with incorrect permissions due to the sudo commands.
  WARNING: Error loading config file: /home/user/.docker/config.json -
  stat /home/user/.docker/config.json: permission denied
To fix this problem, either remove the ~/.docker/ directory (it is recreated automatically, but any custom settings are lost), or change its ownership and permissions using the following commands:
  sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
  sudo chmod g+rwx "$HOME/.docker" -R
Once finished, you need to restart your session/re-login sudo su $USER to use docker without sudo.
Source: Docker documentation
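A diagnostic for the "permission denied" that can persist after usermod, added here as an example and not taken from the Docker documentation or the answer: `id -Gn USER` (like `groups USER`) reads the account database, while plain `id -Gn` reports the groups the running shell actually holds, so the two can disagree until a new login session starts. The function names and the DOCKER_SOCK variable are assumptions of this example, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example (not from the Docker docs): explain a "permission denied" on the
# Docker socket by comparing group membership on record with the live session.

SOCK=${DOCKER_SOCK:-/var/run/docker.sock}   # default path, as in the error message

# in_list WORD ITEM... : succeeds if WORD is one of the ITEMs
in_list() {
    want=$1; shift
    for item in "$@"; do
        [ "$item" = "$want" ] && return 0
    done
    return 1
}

# diagnose GROUP "RECORDED" "SESSION" : prints active | relogin-needed | not-member
#   RECORDED = groups in the account database (what `id -Gn USER` prints)
#   SESSION  = groups held by the running shell (what plain `id -Gn` prints)
diagnose() {
    # $2 and $3 are left unquoted on purpose so they split into words
    if in_list "$1" $3; then echo active
    elif in_list "$1" $2; then echo relogin-needed
    else echo not-member
    fi
}

# report : run the checks against the current user and host
report() {
    user=$(id -un 2>/dev/null) || user=unknown
    recorded=$(id -Gn "$user" 2>/dev/null) || recorded=
    session=$(id -Gn 2>/dev/null) || session=
    echo "user:    $user"
    echo "status:  $(diagnose docker "$recorded" "$session")"
    if [ -S "$SOCK" ]; then
        # Owner:group and mode are normally root:docker 660
        echo "socket:  $(stat -c '%U:%G %a' "$SOCK" 2>/dev/null)"
    else
        echo "socket:  $SOCK not present (daemon not running?)"
    fi
    # Everyone listed here can drive the daemon, i.e. is root-equivalent
    if command -v getent >/dev/null 2>&1; then
        echo "members: $(getent group docker 2>/dev/null | cut -d: -f4)"
    fi
    return 0
}

report
```

A status of relogin-needed means the account is in the docker group but the current session predates the change; the members line is the list to review against the warning above, since each of those accounts has root-equivalent access through the socket.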
alle_meije
Updated on September 18, 2022
Comments
-
alle_meije over 1 year
According to the answers of this question about docker, running it as a non-root is as easy as adding the non-root username to the docker group, and logging out and back in. And sure enough, when I used it as sudo for the hello-world image that went well. But for another test image called whalefortune I still get the access denied error -- see below.
Is it not generally possible any more to run docker as non-root? I am using Ubuntu 19.04, which is a later version than the examples, and there were mentions of a possible security breach running dockers as non-root.
My idea was to run nvidia-docker as a normal user, would that be possible (or even a good idea)?
$ sudo docker run --rm hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:6540fc08ee6e6b7b63468dc3317e3303aae178cb8a45ed3123180328bcc1d20f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

$ docker run --rm dbkdoc/whalefortune
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
-
alle_meije over 4 years
It's very clear and I did all those steps, thanks. But I still get a "permission denied" error as non-root. It turns out they work after a reboot (maybe even after only logging out), but not before -- not in new terminal / shell sessions during the same login.
-
Rinzwind over 4 years
ah the stupid reboot again? :D It should NOT be needed.
-
alle_meije over 4 years
Thanks! My user (amwink) is member of docker: $ groups amwink gives amwink : amwink adm cdrom sudo dip plugdev lpadmin sambashare docker. But I still get the message docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix /var/run/docker.sock: connect: permission denied. ...
-
singrium over 4 years
Please make sure of your docker version. If it is 19.03 or upwards, it means that you still don't have permissions to run docker as non root, so you have to repeat the instructions then log out/reboot/disconnect from SSH session then try again. More details about the error: link
-
alle_meije over 4 years
Yup, it's Docker version 19.03.1, build 74b1e89e8a. And yup, that did the trick - thanks!
-
fIwJlxSzApHEZIl almost 4 years
I'd like to help someone else who comes along if possible. This solves the error you get when trying to deploy with docker and with local AWS credentials: Unable to locate credentials. The issue is that when running docker as root, it doesn't have access to your user's credentials where they're stored ~/.aws/credentials. Running docker as non-root, or as yourself, fixes the issue. This was a HUGE headache for me. Thanks singrium!
-
singrium almost 4 years
@anon58192932, glad it helped you :)
-
Diogo Constantino over 2 years
You'll need to restart docker and to use a new user session for it to work.
-
singrium over 2 years
Thank you @DiogoConstantino, I updated the answer.