Docker 19.03 without sudo

nabbisen - Jun 9 '20 - - Dev Community

Summary

Docker requires administrative privilege by default on some Linux distros.
Therefore, in their cases, "permission denied" happens when using docker subcommands.

$ docker pull centos:centos8
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/create?fromImage=centos&tag=centos8": dial unix /var/run/docker.sock: connect: permission denied

$ docker image ls
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json": dial unix /var/run/docker.sock: connect: permission denied

$ docker build --tag image-name:version . -f ./some.dockerfile
ERRO[0000] failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: permission denied 
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/...": dial unix /var/run/docker.sock: connect: permission denied
Enter fullscreen mode Exit fullscreen mode

They are solved by using sudo.
Well, so as not to use sudo frequently in development, it would be useful to let users be members of docker.

Reference

docs.docker.com says:

The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.

How-to

Here is how to do it. Replace "$MY_USER" with the real user name, please.

Validate docker group exists

See your group list:

$ cat /etc/group | grep docker
docker:x:***:
Enter fullscreen mode Exit fullscreen mode

When it isn't found't, create first:

$ #sudo groupadd docker
Enter fullscreen mode Exit fullscreen mode

Add the current user to docker group

Invite your user to docker group:

$ sudo usermod -a -G docker $MY_USER
Enter fullscreen mode Exit fullscreen mode

Validate:

$ cat /etc/group | grep docker
docker:x:***:$MY_USER
Enter fullscreen mode Exit fullscreen mode

Logout, and login again

With GUI or runnning some command-line such as:

$ #exec: xfce4-session-logout, gnome-session-quit, i3-msg exit, ...
Enter fullscreen mode Exit fullscreen mode

Conclusion

After all, it might get more comfortable, because the command-lines which failed will be successful :)

$ docker image ls
REPOSITORY          TAG                 IMAGE ID            CREATED             SIZE

$ docker container ls
CONTAINER ID        IMAGE               COMMAND             CREATED             STATUS              PORTS               NAMES
Enter fullscreen mode Exit fullscreen mode
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .