docker.sock permission denied
For those new to the shell, the command:
$ sudo usermod -aG docker $USER
needs to have $USER defined in your shell. This is often there by default, but you may need to set the value to your login id in some shells.
Changing the groups of a user does not change existing logins, terminals, and shells that a user has open. To avoid performing a login again, you can simply run:
$ newgrp docker
to get access to that group in your current shell.
Once you have done this, the user effectively has root access on the server, so only do this for users that are trusted with unrestricted sudo access.
How to fix docker: Got permission denied issue
If you want to run docker as a non-root user, then you need to add that user to the docker group.
- Create the docker group if it does not exist
$ sudo groupadd docker
- Add your user to the docker group.
$ sudo usermod -aG docker $USER
- Run the following command, or log out and log in again and then run it (if that doesn't work, you may need to reboot your machine first)
$ newgrp docker
- Check if docker can be run without root
$ docker run hello-world
Reboot if you still get the error
$ reboot
Warning
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Taken from the docker official documentation:
manage-docker-as-a-non-root-user
Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
If using jenkins
The user jenkins needs to be added to the group docker:
sudo usermod -a -G docker jenkins
Then restart Jenkins.
Otherwise
If you arrived at this Stack Overflow question because you receive this message from docker, but you don't use Jenkins, most probably the error is the same: your unprivileged user does not belong to the docker group.
You can do:
sudo usermod -a -G docker [user]
Insert your user name where [user] is.
You can check it was successful by doing grep docker /etc/group and seeing something like this:
docker:x:998:[user]
in one of the lines.
Then change your user's group ID to docker:
newgrp docker
Finally, log out and log in again.
Docker socket not accessible due to file permissions
When you specify a group with this option:
--user $(id -u):$(id -g)
that is the only group assigned to the user; it ignores everything else specified in /etc/group. Normally you can specify just the user and the group ids will be configured from /etc/passwd and /etc/group. That would look like:
--user $(id -u)
Unfortunately, I believe this is done based on the files in the image, before the volume is mounted. So you need to manually add additional groups with --group-add, and for the docker socket you need the docker group (you may need to replace that with the gid):
--group-add docker
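The two checks behind the answers above (a login session that predates usermod, and the numeric gid to pass to --group-add), as an added example that is not from any of the quoted answers. It assumes GNU stat and a socket whose access comes from its owning group; the function names are made up for illustration.

```shell
#!/bin/sh
# Added example, not from the quoted answers. Function names are illustrative.
# Assumes GNU stat and a socket that grants access through its owning group.

# has_gid GID "LIST": succeed if GID is one of the space-separated ids in LIST.
has_gid() {
    case " $2 " in
        *" $1 "*) return 0 ;;
        *) return 1 ;;
    esac
}

# classify SOCK_GID SESSION_GIDS DB_GIDS
#   SESSION_GIDS: groups of the running process (output of `id -G`)
#   DB_GIDS:      groups recorded for the account (output of `id -G NAME`)
classify() {
    if has_gid "$1" "$2"; then
        echo ok
    elif has_gid "$1" "$3"; then
        echo stale-session    # usermod already ran; this login predates it
    else
        echo not-member
    fi
}

# diagnose [SOCKET] [USER]: print the state and the flag a container would need.
diagnose() {
    sock=${1:-/var/run/docker.sock}
    user=${2:-$(id -un 2>/dev/null || id -u)}
    [ -e "$sock" ] || { echo "no-socket: $sock"; return 2; }
    gid=$(stat -c '%g' "$sock") || return 2    # numeric owning group
    state=$(classify "$gid" "$(id -G)" "$(id -G "$user" 2>/dev/null)")
    case $state in
        ok)            echo "ok: this session already has gid $gid" ;;
        stale-session) echo "stale-session: log in again or run newgrp" ;;
        not-member)    echo "not-member: gid $gid is root-equivalent, add only trusted users" ;;
    esac
    # For a container started with --user UID:GID, pass the gid explicitly.
    echo "container flag: --group-add $gid"
}
```

Call `diagnose` with no arguments on the Docker host to check /var/run/docker.sock for the current user.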
Why am I still getting the error "Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock"?
It worked after running the container as the root user, i.e.: docker run -u root ...
Portainer: Got permission denied while trying to connect to the Docker daemon socket
If it is an SELinux issue, first try to follow portainer/portainer issue 849:
The correct way is to add :z to the volume mapping, so you're not defeating the purpose of docker.
Like so:
docker run -d -p 9000:9000 -v /var/run/docker.sock:/var/run/docker.sock:z portainer/portainer
Also we need a way to add the z or Z flag in Portainer for new containers. This has been a feature since 1.7 e.g. 2015 in Docker.
That, or using dpw/selinux-dockersock