How to solve permission problems for Docker in Ubuntu?

36

11

I have installed Docker as described here. I use Ubuntu Trusty 14.04 (LTS) (64-bit). Everything went well during installation. Also, the command `$ sudo docker run -i -t ubuntu /bin/bash` completes well (after I typed "exit" in the opened console). But when I try to do something else I get "permission denied". For example:

`$ sudo docker run -d -P training/webapp python app.py`

Results in Post http:///var/run/docker.sock/v1.12/containers/create: dial unix /var/run/docker.sock: permission denied

`docker info`

Results in Get http:///var/run/docker.sock/v1.12/info: dial unix /var/run/docker.sock: permission denied

How to solve this? I googled about the problem but I can not find a solution for my case.

Cherry

Posted 2014-11-04T10:05:21.037

Reputation: 797

Answers

52

Add the docker group if it doesn't already exist.

$ sudo groupadd docker

Add the connected user ${USER} to the docker group. Change the user name to match your preferred user.

$ sudo gpasswd -a ${USER} docker

Restart the Docker daemon:

$ sudo service docker restart # Or docker.io for older versions
# 18.04+ with snap:
$ sudo systemctl restart snap.docker.dockerd

You should log out and log in again to update group permissions. To avoid that, you can switch to a subshell as follows. Or use any of the other tricks mentioned in this question:

su - $USER

pyprism

Posted 2014-11-04T10:05:21.037

Reputation: 621

15 I had to reboot to get this to take effect. – obsoleter – 2015-03-10T14:42:32.517

8 Don't have to reboot, just logout and login. – Ajay Gautam – 2015-12-15T19:24:48.950

2 Logout did it, even when exec $SHELL did not. I'm interested to know by which mechanism logging out resolved the issue. This isn't windows! – Darth Egregious – 2016-02-06T02:43:11.413

1 In Fedora, first you must edit /etc/selinux/config and put SELINUX=disabled, then reboot Linux – Junior M – 2017-05-10T20:16:16.737

You can also run newgrp docker $USER to enter the newly added group without having to restart a new session, though this is usually a more temporary solution if you have lots of things going on. – code_dredd – 2018-05-29T16:48:42.180

1 Great explanation! You're the best! :) – Francis Rodrigues – 2019-04-14T03:31:26.360

5

If you're running CentOS or RedHat, you might have to disable SELinux first by running:

setenforce 0

Either restart afterwards to re-enable SELinux or run setenforce 1.

joelschmid

Posted 2014-11-04T10:05:21.037

Reputation: 239

4

I had the same problem, due to selinux. You can check if selinux is the culprit by:

  1. Disabling selinux: setenforce 0
  2. Retrying

If disabling selinux solved your problem, it's not a reason to leave it disabled:

  1. Enable selinux: setenforce 1
  2. Allow the socket connection in the selinux configuration: setsebool docker_connect_any true
  3. Run your Docker container with the --privileged option

Paul Podgorsek

Posted 2014-11-04T10:05:21.037

Reputation: 141

3

I assume your username is already in the docker group. To check this, issue the command below.

id -nG

If not, you need to add your user to the docker group with the commands below.

sudo groupadd docker
sudo usermod -aG docker $USER

When you execute the command sudo systemctl start docker, it creates a docker process. That docker process contains the dockerd daemon thread. The command also creates the default docker.sock Unix socket. The dockerd daemon thread continuously listens on the docker.sock socket. This lets you do kernel-level IPC with the docker.pid process. To be able to use this Docker socket, you need proper permissions at the process level (docker.pid) and the file level (docker.sock). So, executing the two commands below should solve your issue.

sudo chmod a+rwx /var/run/docker.sock # You can provide just execute permission
sudo chmod a+rwx /var/run/docker.pid

Uddhav Gautam

Posted 2014-11-04T10:05:21.037

Reputation: 221
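
An added example (not part of any answer on this page): a diagnostic for the `permission denied` error on /var/run/docker.sock that separates the cases raised in the answers and comments above: the account is not in the socket's group, the account is in the group but the login session predates the change, or the socket has been made writable by everyone. The function names and result tokens are this example's own, and `stat -c` assumes GNU coreutils.

```shell
#!/bin/sh
# Added example: classify a "permission denied" on the Docker socket.

# in_list WORD "space separated list": succeeds if WORD is one of the items.
in_list() {
    case " $2 " in *" $1 "*) return 0 ;; esac
    return 1
}

# diagnose MODE SOCK_GROUP SESSION_GROUPS ACCOUNT_GROUPS
#   MODE            octal mode of the socket, e.g. 660
#   SOCK_GROUP      group owning the socket, e.g. docker
#   SESSION_GROUPS  groups held by the running shell   (id -nG)
#   ACCOUNT_GROUPS  groups recorded for the account    (id -nG <user>)
diagnose() {
    other=${1#"${1%?}"}        # last octal digit: permissions for "other"
    case "$other" in
        2|3|6|7) echo world-writable; return 0 ;;
    esac
    if in_list "$2" "$3"; then
        echo ok
    elif in_list "$2" "$4"; then
        echo relogin
    else
        echo not-member
    fi
}

# explain RESULT: one line of advice per result token.
explain() {
    case "$1" in
        ok)             echo "This session already holds the socket's group." ;;
        relogin)        echo "Group was added after login; start a new login session." ;;
        not-member)     echo "Account is not in the socket's group." ;;
        world-writable) echo "Every local user can drive the daemon (root-equivalent); default mode is 660." ;;
    esac
}

# Live check, skipped when the socket is absent (path from the error above).
SOCK=/var/run/docker.sock
if [ -S "$SOCK" ]; then
    set -- $(stat -c '%a %G' "$SOCK")      # GNU stat: octal mode, owning group
    result=$(diagnose "$1" "$2" "$(id -nG)" "$(id -nG "$(id -un)")")
    echo "$result: $(explain "$result")"
fi
```

The `relogin` case is the one the comments ask about: `id -nG` without an argument reports the groups the running process inherited at login, while `id -nG <user>` reads the account database, so the two differ until a new login session starts.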

1

With the current version we do not need to add the docker group.
It is created automatically by the installation. You may check using the command:

$ sudo groupadd docker
groupadd: group 'docker' already exists

So in order to manage Docker as a non-root user, just add your user to the docker group then log out and log back in so that your group membership is re-evaluated:

$ sudo usermod -aG docker $USER
$ logout

To check it when you log back in

$ docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.

You may even force the use of GROUP:docker as your new primary group:

$ sudo chown "$USER":"docker" /home/"$USER"/.docker -R
$ sudo chmod g+rwx "$HOME/.docker" -R
$ sudo usermod -g docker ${USER}
$ logout

To check it when you log back in

$ id
uid=1001(<user_name>) gid=999(docker) groups=999(docker),...

Chetabahana

Posted 2014-11-04T10:05:21.037

Reputation: 121