Software

Running Docker on Ubuntu2 min read

Reading Time: 2 minutes Recently, I install Docker on Ubuntu. Installation was quite straightforward but when I tried to run a command, it spat an error back at me that had me perplexed.

May 11, 2022 2 min

Running Docker on Ubuntu2 min read

Reading Time: 2 minutes

Recently, I install Docker on Ubuntu. Installation was quite straightforward but when I tried to run a command, it spat this error back at me:

Got permission denied while trying to connect to the Docker daemon...

Why does the error occur?

When the Docker deamon starts, it creates /var/run/docker.sock as a Unix socket to which a client application can connect. When a Docker command runs on Linux, the docker binary tries to connect to /var/run/docker.sock. The owner, group and permissions of this socket can be inspected using the stat command.

$ stat /var/run/docker.sock

# Output

#   File: /var/run/docker.sock
#   Size: 0             Blocks: 0          IO Block: 4096   socket
# Device: 19h/25d    Inode: 1398        Links: 1
# Access: (0660/srw-rw----)  Uid: (    0/    root)   Gid: (  998/  docker)
# Access: 2022-05-11 14:59:57.898640330 +0100
# Modify: 2022-05-11 14:59:15.842638084 +0100
# Change: 2022-05-11 14:59:15.878638086 +0100
#  Birth: -

The point of interest in that output is Uid: ( 0/ root) Gid: (998/ docker) (the group ID may differ). This tells us that the Docker socket is owned by root user and accessible to the docker user group. Given the permissions Access: (0660/srw-rw----), both the owner (root) and the group (docker) can read and write to the Docker socket. This means that if one is neither root nor a member of the docker group, they cannot access this socket.

Note that the Docker daemon dockerd always runs as root, which you can check like so:

$ ps aux | grep dockerd
# root        1347  0.0  0.4 1530856 77744 ?       Ssl  14:59   0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock

The fix

Joining the docker user group should allow you to run docker commands as non-root user. Logout and log back in again after running this command (or terminate your SSH session and re-connect) to have the group change take effect.

$ sudo usermod -aG docker $USER

To check if that worked, list all the groups of which your user is a member. You should see docker amongst others.

$ groups

# Output
# ash adm cdrom sudo dip plugdev lpadmin lxd sambashare docker

No docker user group?

Create one.

$ sudo groupadd docker
$ sudo systemctl restart docker   # Restart Docker service