Running Docker on Ubuntu2 min read
Recently, I install Docker on Ubuntu. Installation was quite straightforward but when I tried to run a command, it spat this error back at me:
Got permission denied while trying to connect to the Docker daemon...
Why does the error occur?
When the Docker deamon starts, it creates /var/run/docker.sock
as a Unix socket to which a client application can connect. When a Docker command runs on Linux, the docker
binary tries to connect to /var/run/docker.sock
. The owner, group and permissions of this socket can be inspected using the stat
command.
$ stat /var/run/docker.sock
# Output
# File: /var/run/docker.sock
# Size: 0 Blocks: 0 IO Block: 4096 socket
# Device: 19h/25d Inode: 1398 Links: 1
# Access: (0660/srw-rw----) Uid: ( 0/ root) Gid: ( 998/ docker)
# Access: 2022-05-11 14:59:57.898640330 +0100
# Modify: 2022-05-11 14:59:15.842638084 +0100
# Change: 2022-05-11 14:59:15.878638086 +0100
# Birth: -
The point of interest in that output is Uid: ( 0/ root) Gid: (998/ docker)
(the group ID may differ). This tells us that the Docker socket is owned by root
user and accessible to the docker
user group. Given the permissions Access: (0660/srw-rw----)
, both the owner (root
) and the group (docker
) can read and write to the Docker socket. This means that if one is neither root
nor a member of the docker
group, they cannot access this socket.
Note that the Docker daemon dockerd
always runs as root
, which you can check like so:
$ ps aux | grep dockerd
# root 1347 0.0 0.4 1530856 77744 ? Ssl 14:59 0:00 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock
The fix
Joining the docker
user group should allow you to run docker
commands as non-root user. Logout and log back in again after running this command (or terminate your SSH session and re-connect) to have the group change take effect.
$ sudo usermod -aG docker $USER
To check if that worked, list all the groups of which your user is a member. You should see docker
amongst others.
$ groups
# Output
# ash adm cdrom sudo dip plugdev lpadmin lxd sambashare docker
No docker user group?
Create one.
$ sudo groupadd docker
$ sudo systemctl restart docker # Restart Docker service