This guide will show you how to fix the error Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock when trying to run docker commands.
The Docker daemon binds to a Unix socket instead of a TCP port, but only root users can access this socket by default, hence, when you run docker commands without sudo, you will get the error below:
~ $ docker run hello-world docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied. See 'docker run --help'.
Taking a shortcut by running Docker with sudo
You can simply run your docker command with sudo that enables root privileges, hence allowing the connection to the daemon socket and running Docker successfully as a result:
~ $ sudo docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
...
However, this is not the proper solution as your Docker might fail again when you try integrating it with other tools, such as your favourite IDE, which in turn, probably won’t (and shouldn’t) run Docker commands with root privileges.
Making your user a member of the docker group
The Docker daemon creates a socket accessible by members of the docker group when it starts, so all you have to do is to create this user group and add your own user to it:
sudo groupadd docker sudo usermod -aG docker $USER
Note: The group docker might already exist, so if you get a message groupadd: group 'docker' already exists, simply carry on by running the remaining commands.
Finally, you will need to log out and log in again for the changes to take effect on new shell sessions, however, if you can not do that at the moment and would like to load the changes on the current shell, run the following:
newgrp docker
Now, you can run docker commands without sudo:
docker run hello-world
Hello from Docker!
This message shows that your installation appears to be working correctly.
To generate this message, Docker took the following steps:
1. The Docker client contacted the Docker daemon.
2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
(amd64)
3. The Docker daemon created a new container from that image which runs the
executable that produces the output you are currently reading.
4. The Docker daemon streamed that output to the Docker client, which sent it
to your terminal.
...
References
- Docker – Post-installation steps for Linux