(https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-57x57.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-60x60.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-72x72.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-76x76.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-114x114.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-120x120.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-144x144.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-152x152.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-180x180.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/apple-touch-icon-120x120.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/favicon-32x32.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/android-chrome-192x192.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/favicon-96x96.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/favicon-16x16.png) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/manifest.json) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/safari-pinned-tab.svg) (https://www.baeldung.com/wp-content/themes/baeldung/favicon/linux/favicon.ico) (https://www.baeldung.com/linux/wp-content/cache/autoptimize/2/css/autoptimize_ec765a1873ebf2dd9ed0a6c5530af101.css) (https://www.baeldung.com/linux/wp-content/cache/autoptimize/2/css/autoptimize_645e25746732f92ab8912b8a07744c57.css) “Permission Denied While Trying to Connect to the Docker Daemon Socket” Error | Baeldung on Linux (https://www.baeldung.com/linux/docker-permission-denied-daemon-socket-error) (//cdn.jsdelivr.net) (//cdnjs.cloudflare.com) (https://fonts.gstatic.com) (https://cdnjs.cloudflare.com/ajax/libs/highlight.js/11.9.0/styles/ascetic.min.css?ver=4.5.4.2) (https://a.pub.network/baeldung-com/cls.css) (/linux/) (Baeldung) (The Baeldung logo) (Navigation) (Tutorials) (/linux/) (Baeldung) (The Baeldung Logo) (Baeldung) (https://www.baeldung.com/linux/) (Linux Sublogo) (https://www.baeldung.com/linux/start-here) Start Here Guides ▼ ▲ (/linux/administration-series) () Administration A collection of guides on Linux system administration (/linux/filesystem-guide) () Filesystems Learn about essential filesystem management. (/linux/processes-guide) () Processes Learn about managing Linux processes and threads (/linux/files-series) () Files Deep dive into working with Files on Linux. (/linux/scripting-series) () Scripting Basic and advanced scripting on Linux. Topics ▼ ▲ (/linux/category/installation) () Installation Learn about installing and updating Linux packages (/linux/category/networking) () Networking The building blocks for machine-to-machine communication (/linux/category/security) () Security Learn about file and user security, cryptographic keys, SSH, and SSL. About ▼ ▲ (/linux/full_archive) () Full Archive The high level overview of all the articles on the site. (/about) () About Baeldung About Baeldung. (RSS) (/linux/feed) (search) (/bael-search) (Pro) (/members/) Pro “Permission Denied While Trying to Connect to the Docker Daemon Socket” Error Last updated: March 18, 2024 () Written by: (https://www.baeldung.com/linux/author/sriramramanujam) (Posts by Sriram Ramanujam) Sriram Ramanujam () Reviewed by: (https://www.baeldung.com/linux/editor/grzegorz-author) (Reviewed by Grzegorz Piwowarek) Grzegorz Piwowarek (https://www.baeldung.com/linux/category/docker) Docker (https://www.baeldung.com/linux/tag/docker-commands) Docker Commands (https://www.baeldung.com/linux/tag/sudo) sudo DevOps Authors – All We’ve started a new DevOps area on the site. If you’re interested in writing about DevOps, check out the (/ops/contribution-guidelines) Contribution Guidelines . 1. Introduction Owing to their numerous benefits, containers have become the IT industry’s buzzword regarding technology. The (/linux/docker-image-run-container) Docker platform is the most well-known and commonly used container platform, with a sizable developer community. The permission error is the most common issue dealt with in the context of software while accessing it. In this tutorial, we’ll explore the causes of this error and provide solutions to fix it, including using (/linux/sudo-i-vs-sudo-su) sudo and adding users to the Docker group. Without any further ado, let’s get into the nitty-gritty details of it. 2. Troubleshooting the Docker Socket Connection Issue Docker Engine is a complete container runtime environment that includes the Docker CLI, Docker API, and Docker daemon. Further, the Docker daemon is a background process that runs on a host machine; it receives the request from the Docker CLI or client and connects to the Docker API for managing Docker containers, images, volumes, networks, and other Docker objects. Also, it uses the Unix Network Socket for communicating between the Docker client and daemon : $ docker run ubuntu:latest /bin/bash docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied. See 'docker run --help'. $ Copy Clients always experience this “Permission denied while trying to connect to the Docker daemon socket ” error whenever the user doesn’t have the appropriate access rights to the Docker daemon socket. Next, let’s see how we can fix this problem. 3. Changing the Permission of /var/run/docker.sock to ‘666 ‘ Is Dangerous By default, only root and the docker user-group members can access the Docker socket : $ ls -l /var/run/docker.sock srw-rw---- 1 root docker 0 May 13 06:05 /var/run/docker.sock Copy Some of us may come up with a straightforward “solution” – using the (/linux/chown-chmod-permissions) chmod command to modify the permissions of the sock file so that any user can read and write to the socket: $ sudo chmod 666 /var/run/docker.sock $ ls -l /var/run/docker.sock srw-rw-rw- 1 root docker 0 Mar 13 06:05 /var/run/docker.sock Copy After restarting the Docker service, any user can manage Docker images and start containers. This indeed evades the “permission denied ” issue: $ systemctl restart docker.service $ docker run -it ubuntu:latest /bin/bash root@fa679b3875fe:/# Copy We may think it’s convenient for users to start a Docker container. However, this permission change is potentially dangerous . An example can explain it quickly. Let’s say we have a user baeldunguser in our system. Now, let’s start the Ubuntu container and mount the host machine’s root (/ ) directory as the /host (/ops/docker-volumes) volume : baeldunguser$ docker run -it -v /:/host ubuntu:latest /bin/bash root@fa679b3875fe:/# Copy As the output above shows, we’ve entered the container’s shell successfully. Now, let’s make some changes to the /host directory, for example, creating a file: root@fa679b3875fe:/# touch /host/changed-by-docker-container.hello Copy Then, if we check the host machine, we can see the file is created in the root (/ ) directory: baeldunguser$ ls -l /changed-by-docker-container.hello -rw-r--r-- 1 root root 0 Jun 3 20:38 /changed-by-docker-container.hello Copy However, only the root user is allowed to write to the root (/ ) directory: baeldunguser$ ls -ld / drwxr-xr-x 19 root root 4096 Jun 3 20:38 / Copy Of course, we don’t want to break the system on the host machine. So, we created a file as an example. But we’ve come to the realization that the baeldunguser user has the potential to cause significant damage to the host system through a Docker container. Therefore, we shouldn’t allow anyone to read and write to the Docker socket daemon . Next, let’s see the proper solutions to the permission problem. 4. Resolving Permission Errors With Docker and User Privileges There are multiple ways to resolve this permission issue. Let’s start with a temporary solution to solve this problem. As a quick fix, we can use the sudo (superuser do) command in Linux to elevate the privileges or permissions of the user. It will further help us run the Docker commands without any issues: $ sudo docker run -it ubuntu:latest /bin/bash [sudo] password for baeldunguser: root@5a909c4c6138:/# Copy Now, follow the steps below to permanently resolve the permission issue on accessing the Docker daemon socket. First, check whether the Docker user (/linux/check-user-group-privileges) group is available on the host machine. If not, we can add it using (/linux/managing-users-groups) groupadd command: $ sudo groupadd docker $ getent group docker docker:x:999: $ awk -F':' '/docker/{print $4}' /etc/group Copy Next, let’s add the user to the Docker group, which grants the necessary access rights to the Docker daemon socket: $ sudo usermod -aG docker baeldunguser Copy To make the changes effective, we must log out of the previous session and re-enter the new session after adding the user to the docker group: $ getent group docker docker:x:999:baeldunguser $ awk -F':' '/docker/{print $4}' /etc/group baeldunguser Copy Lastly, apply the configuration changes by restarting the Docker daemon service using the (/linux/differences-systemctl-service#systemctlcommand) systemctl restart docker.service command: $ sudo systemctl restart docker.service $ sudo systemctl status docker.service ● docker.service - Docker Application Container Engine Loaded: loaded (/lib/systemd/system/docker.service; enabled; vendor preset: enabled) Active: active (running) since Mon 2023-03-13 07:23:16 IST; 2s ago Docs: https://docs.docker.com Main PID: 10196 (dockerd) Tasks: 13 CGroup: /system.slice/docker.service └─10196 /usr/bin/dockerd -H fd:// --containerd=/run/containerd/containerd.sock Copy Now, we’ve successfully executed the Docker commands from the baeldunguser userspace with appropriate privileges: $ docker run -it ubuntu:latest /bin/bash root@fa679b3875fe:/# Copy 5. Conclusion In this article, we’ve explored how to temporarily fix the Docker permission issues using the sudo command and permanently add the user to the appropriate group. Overall, by adhering to best deployment practices, users can avoid such common errors and ensure the smooth operation of their Docker environment. (2) 2 Comments Oldest Newest Inline Feedbacks View all comments View Comments Load More Comments (The Baeldung logo) Categories (/linux/category/scripting) Scripting (/linux/category/installation) Installation (/linux/category/search) Search (/linux/category/web) Web (/linux/category/files/editing) File Editing (/linux/category/files/searching) File Searching (/linux/category/files/file-conversion) File Conversion (/linux/category/docker) Docker Series (/linux/administration-series) Linux Administration (https://www.baeldung.com/linux/filesystem-guide) Linux Filesystem Guide (/linux/files-series) Linux Files (/linux/processes-guide) Linux Processes (https://www.baeldung.com/linux/security-series) Linux Security Tutorials (https://www.baeldung.com/linux/networking-series) Linux Networking Tutorials About (/about) About Baeldung (https://www.baeldung.com/linux/full_archive) The Full Archive (https://www.baeldung.com/editors) Editors (https://www.baeldung.com/partners/) Our Partners (https://www.baeldung.com/partners/work-with-us) Partner with Baeldung (https://www.baeldung.com/library/) eBooks (https://www.baeldung.com/library/faq) FAQ (/members/) Baeldung Pro (https://www.baeldung.com/terms-of-service) Terms of Service (https://www.baeldung.com/privacy-policy) Privacy Policy (https://www.baeldung.com/baeldung-company-info) Company Info (/contact) Contact (The Baeldung Logo) wpDiscuz Insert Looks like your ad blocker is on. × We rely on ads to keep creating quality content for you to enjoy for free. Please support our site by disabling your ad blocker. Disable Continue without supporting us Choose your Ad Blocker Adblock Plus Adblock Adguard Ad Remover Brave Ghostery uBlock Origin uBlock UltraBlock Other In the extension bar, click the AdBlock Plus icon Click the large blue toggle for this website Click refresh In the extension bar, click the AdBlock icon Under "Pause on this site" click "Always" In the extension bar, click on the Adguard icon Click on the large green toggle for this website In the extension bar, click on the Ad Remover icon Click "Disable on This Website" In the extension bar, click on the orange lion icon Click the toggle on the top right, shifting from "Up" to "Down" In the extension bar, click on the Ghostery icon Click the "Anti-Tracking" shield so it says "Off" Click the "Ad-Blocking" stop sign so it says "Off" Refresh the page In the extension bar, click on the uBlock Origin icon Click on the big, blue power button Refresh the page In the extension bar, click on the uBlock icon Click on the big, blue power button Refresh the page In the extension bar, click on the UltraBlock icon Check the "Disable UltraBlock" checkbox Please disable your Ad Blocker Go Back