Docker.Sock Permission Denied

docker.sock permission denied

For those new to the shell, the command:

$ sudo usermod -aG docker $USER

needs to have $USER defined in your shell. This is often there by default, but you may need to set the value to your login id in some shells.

---

Changing the groups of a user does not change existing logins, terminals, and shells that a user has open. To avoid performing a login again, you can simply run:

$ newgrp docker

to get access to that group in your current shell.

---

Once you have done this, the user effectively has root access on the server, so only do this for users that are trusted with unrestricted sudo access.

How to fix docker: Got permission denied issue

If you want to run docker as non-root user then you need to add it to the docker group.

1. Create the docker group if it does not exist

$ sudo groupadd docker

2. Add your user to the docker group.

$ sudo usermod -aG docker $USER

3. Run the following command or Logout and login again and run (that doesn't work you may need to reboot your machine first)

$ newgrp docker

4. Check if docker can be run without root

$ docker run hello-world

Reboot if still got error

$ reboot

Warning

The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface..

Taken from the docker official documentation:
manage-docker-as-a-non-root-user

Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

If using jenkins

The user jenkins needs to be added to the group docker:

sudo usermod -a -G docker jenkins

Then restart Jenkins.

Otherwise

If you arrive to this question of stack overflow because you receive this message from docker, but you don't use jenkins, most probably the error is the same: your unprivileged user does not belong to the docker group.

You can do:

sudo usermod -a -G docker [user]

Insert your user name where [user] is.

You can check it was successful by doing grep docker /etc/group and see something like this:

docker:x:998:[user]

in one of the lines.

Then change your users group ID to docker:

newgrp docker

Finally, log out and log in again

Docker socket not accessible due to file permissions

When you specify a group with this option:

--user $(id -u):$(id -g)

that is the only group assigned to the user, it ignores everything else specified in /etc/group. Normally you can specify just the user and the group ids will be configured from /etc/passwd and /etc/group. That would look like:

--user $(id -u)

Unfortunately, I believe this is done based on the files in the image, before the volume is mounted. So you need to manually add additional groups with --group-add, and for the docker socket you need the docker group (you may need to replace that with the gid):

--group-add docker

Why do I still getting error, Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock?

It worked after running the container as root user ie: docker run -u root ...

Portainer: Got permission denied while trying to connect to the Docker daemon socket

If it is a SELinux issue, try first to follow portainer/portainer issue 849

Correct way is to add :z to the volume mapping, so you're not defeating the purpose of docker.

Like so:

docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock:z portainer/portainer

Also we need a way to add the z or Z flag in Portainer for new containers. This has been a feature since 1.7 e.g. 2015 in Docker.

That, or using dpw/selinux-dockersock

---

Related Topics