How to fix docker: Got permission denied issue
After an upgrade I got the permission denied. Doing the steps of 'mkb' post install steps don't have change anything because my user was already in the 'docker' group; I retry-it twice any way without success.
After an search hour this following solution finaly worked :
sudo chmod 666 /var/run/docker.sock
Solution came from Olshansk.
Look like the upgrade have recreate the socket without enough permission for the 'docker' group.
Problems
This hard chmod open security hole and after each reboot, this error start again and again and you have to re-execute the above command each time. I want a solution once and for all. For that you have two problems :
1) Problem with
SystemD
: The socket will be create only with owner 'root' and group 'root'.You can check this first problem with this command :
ls -l /lib/systemd/system/docker.socket
If every this is good, you should see '
root/docker
' not 'root/root
'.2 ) Problem with graphical Login : https://superuser.com/questions/1348196/why-my-linux-account-only-belongs-to-one-group
You can check this second problem with this command :
groups
If everything is correct you should see the docker group in the list. If not try the command
sudo su $USER -c groups
if you see then the docker group it is because of the bug.
Solutions
If you manage to to get a workaround for the graphical login, this should do the job :
sudo chgrp docker /lib/systemd/system/docker.socket
sudo chmod g+w /lib/systemd/system/docker.socket
But If you can't manage this bug, a not so bad solution could be this :
sudo chgrp $USER /lib/systemd/system/docker.socket
sudo chmod g+w /lib/systemd/system/docker.socket
This work because you are in a graphical environnement and probably the only user on your computer.
In both case you need a reboot (or an sudo chmod 666 /var/run/docker.sock
)
- Add docker group
$ sudo groupadd docker
- Add your current user to docker group
$ sudo usermod -aG docker $USER
- Switch session to docker group
$ newgrp - docker
- Run an example to test
$ docker run hello-world
If you want to run docker as non-root user then you need to add it to the docker group.
- Create the docker group if it does not exist
$ sudo groupadd docker
- Add your user to the docker group.
$ sudo usermod -aG docker $USER
- Run the following command or Logout and login again and run (that doesn't work you may need to reboot your machine first)
$ newgrp docker
- Check if docker can be run without root
$ docker run hello-world
Reboot if still got error
$ reboot
Warning
The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface..
Taken from the docker official documentation: manage-docker-as-a-non-root-user