Reputation: 13088
How to fix "dial unix /var/run/docker.sock: connect: permission denied" when group permissions seem correct?
I'm suddenly having issues after an update of Ubuntu 18.04: previously I've used docker without issue on the system, but suddenly I cannot. As far as I can tell, the permissions look correct:
$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.
$ ls -last /var/run/docker.sock
0 srw-rw---- 1 root docker 0 Jul 14 09:10 /var/run/docker.sock
$ whoami
brandon
$ cat /etc/group | grep docker
docker:x:995:brandon
nvidia-docker:x:994:
EDIT:
Group information:
$ groups
brandon
$ groups brandon
brandon : brandon adm cdrom sudo dip plugdev games lpadmin sambashare docker
$ whoami
brandon
Update
I've already rebooted my system to apply the docker group. Still with that problem.
Since the original post where I upgraded a system from 17.04 to 18.04, I've done two upgrades from 16.04 to 18.04, and neither of the later systems had the issue. So it might be something to do with the 17.04 to 18.04 upgrade process. I've yet to perform a fresh 18.04 installation.
Upvotes: 223
Views: 312214
Answers (16)
Reputation: 48406
For current user, simple
sudo setfacl -m "user:$USER:rw" /var/run/docker.sock
More details could be found in Manage Docker as a non-root user
Upvotes: 2
Reputation: 263736
Specific to Ubuntu, there is a known issue with lightdm that removes secondary groups from the user as part of the GUI login. You can follow that issue here: https://bugs.launchpad.net/lightdm/+bug/1781418
You can try switching off of lightdm or apply the workaround mentioned in the bug report:
[Comment out the below lines from /etc/pam.d/lightdm:]
auth optional pam_kwallet.so auth optional pam_kwallet5.so
Temporary options include logging into your machine with something like an ssh or su -l command, or running the newgrp docker command. These will only affect the current shell and would need to be done again with each new terminal.
Outside of this issue, the general commands to give a user direct access to the docker socket (and therefore root access to the host) are:
sudo usermod -aG docker $(id -un) # you can often use $USER in place of the id command
newgrp docker # affects the current shell, logging out should affect all shells
Upvotes: 3
Reputation: 929
All of above solutions are working, but are not persistent after system reboot, which was most important for me. I was seraching for persistent solution and only thing what works for me is to change SocketMode to 0666 in file '/lib/systemd/system/docker.socket'
...
SocketMode=0666
...
after changing this file we need to restart the service
sudo systemctl daemon-reload
sudo systemctl restart docker.socket
Now the permission will be properly set by service itself after service restart.
Upvotes: 0
Reputation: 843
For ubuntu 20.04
Step1 : Check Ubuntu user
echo $USER
Step2 : give rw permission to docker
sudo setfacl --modify user:<user_name>:rw /var/run/docker.sock
Example
Getting error
Solution
Upvotes: 6
Reputation: 11
This issue is resolved by following the process below
Check whether the "docker" group is created or not
cmd:
cat /etc/group | grep dockeroutput:
docker:x:995Check the permissions of "/var/run/docker.sock" file
cmd:
ls -l /var/run/docker.sockoutput:
rw-rw---- 1 root root 0 Jul 14 09:10 /var/run/docker.sockadd docker group to "/var/run/docker.sock" file
cmd: sudo setfacl -m "g:docker:rw" /var/run/docker.sock
output: rw-rw---- 1 root docker 0 Jul 14 09:10 /var/run/docker.sock
Now it will work, if possible restart the docker service.
To restart the docker service
cmd:
sudo systemctl restart docker
Upvotes: 1
Reputation: 3074
It looks like a permission issue:
sudo addgroup --system docker
sudo adduser $USER docker
newgrp docker
sudo setfacl -m "g:docker:rw" /var/run/docker.sock
or Simply use this command below, which will fix this issue.
sudo chmod -x /var/run/docker.sock
Upvotes: 11
Reputation: 3411
I fixed this issue by using the following command:
sudo chmod -x /var/run/docker.sock
Upvotes: 1
Reputation: 4804
Just try to give the right permission to docker.sock file by:
sudo chmod 666 /var/run/docker.sock
Upvotes: 129
Reputation: 571
The way to fix it is to run:
sudo addgroup --system docker
sudo adduser $USER docker
newgrp docker
that works for me :)
Upvotes: 41
Reputation: 1486
I was able to solve this on my Linux Machine using the below command.
> sudo setfacl --modify user:$USER:rw /var/run/docker.sock
Note: Please checck if you have sudo access. Otherwise this command will fail.
How to check sudo access?
$ whoami
> rahul
$ groups
> useracc
$ groups useracc
> Here you can see sudo and other access details.
Upvotes: 2
Reputation: 1
Please note: not only group name is important, but apparently also gid of the groups. So if docker group on host system has gid of i.e. 995,
cat /etc/group | grep docker
docker:x:995:brandon
You must make sure gid of docker group You can do this as a part of a launch script, or simply by using exec and doing it manually:
groupmod -g 995 docker
Hope it helps anyone who comes here, it took me a while to find this answear.
Upvotes: 0
Reputation: 119
Somehow, i found this page when i have't correct permissons on my docker.sock after my Docker installation. So, if you have the same issue, you can read this:
$ sudo adduser $USER docker does not work because the group is "root" not "docker"
$ ls -l /var/run/docker.sock srw-rw---- 1 root root 0 Jul 11 09:48 /var/run/docker.sock so it should be $ sudo adduser $USER root
from a non-snap installed machine, the group is "docker"
# ls -l /var/run/docker.sock srw-rw---- 1 root docker 0 Jul 3 04:18 /var/run/docker.sock The correct way is, according to docker.help you have to run the followings BEFORE sudo snap install docker
$ sudo addgroup --system docker $ sudo adduser $USER docker $ newgrp docker then the group will be "docker"
$ ls -l /var/run/docker.sock srw-rw---- 1 root docker 0 Jul 11 10:59 /var/run/docker.sock
Source: https://github.com/docker-archive/docker-snap/issues/1 (yes, first issue :D)
The easyest way to fix it is to run:
$ sudo setfacl -m "g:docker:rw" /var/run/docker.sock
And then, as it already metioned, run following commands for your user:
$sudo addgroup --system docker
$sudo adduser $USER docker
$newgrp docker
That's it :) Have fun!
Upvotes: 8
Reputation: 321
Ubuntu 18:04
sudo setfacl --modify user:$USER:rw /var/run/docker.sock
Upvotes: 22
Reputation: 4573
sudo setfacl --modify user:<user name or ID>:rw /var/run/docker.sock
It doesn't require a restart and is more secure than usermod or chown.
as @mirekphd pointed out, the user ID is required when the user name only exists inside the container, but not on the host.
Upvotes: 379
Reputation: 257
I did the quick fix and it worked immediately.
sudo chmod 777 /var/run/docker.sock
Upvotes: 8
Reputation: 1960
add the user to the docker group.
sudo usermod -aG docker $USER
sudo reboot
Upvotes: 143
Related Questions
- docker.sock permission denied
- Why do I still getting error, Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock?
- docker commands without sudo user even after adding groupadd
- Why does docker container prompt "Permission denied"?
- Permission denied to Docker daemon socket at unix:///var/run/docker.sock
- docker: Error response from daemon: failed to listen to abstract unix socket "/containerd ... permission denied: unknown
- Docker run - User group not working as expected?
- "dial unix /tmp/docker.sock: connect: permission denied" when running docker-compose up
- permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
- User denied permission while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock