Docker is a container-based system for application development and deployment. It partitions the operating system, runs multiple isolated software containers, and provides users with an interface to work across them as one solution. However, some of its most notable features are Docker’s security capabilities, which make it difficult to break into individual virtual machines or limit access within any given machine. This means that even if someone breaks through the outer layer of security in a VM, they will still have no way in without your permission, since all permissions are read-only by default on Linux hosts, at least until you specify otherwise in your code base (Dockerfile).
The “docker permission denied in container” is a problem that can occur when trying to run docker commands. The solution for the problem is to change the permissions of the file that contains the command.
When you get an error like Docker permission denied when attempting to connect, running apps with Docker day to day can become a nightmare. But don’t panic; this article will help you get back on your feet quickly.
This guide will teach you how to fix the dreaded Docker permission denied error message in a variety of ways. If it’s a serious problem, we suggest getting a problem statement template that provides an effective framework to explain the problem.
This tutorial includes practical examples. Make sure you have the following in order to follow along:
- The samples in this article run on Ubuntu 20.04, but they should work on any Linux distribution.
- The tutorial is using Docker engine version 20.10.8, build 3967b7d.
Docker Commands at a Higher Level
A permission denied error when connecting to Docker can have several causes. One of them is that you’re executing Docker commands without prefixing them with sudo. The sudo command runs a command with elevated administrative and security privileges.
When attempting to execute a docker command, the dreaded permission denied message appears.
A permission denied error has occurred.
To launch the hello-world Docker image, open your terminal and add sudo to the docker command below. You’ll need to enter your password since you’re performing an elevated command.
sudo docker run hello-world
Output similar to the one shown below demonstrates that Docker is successfully installed.
Using elevated Docker commands (sudo)
Restarting the Docker Engine
If Docker Commands at a Higher Level does not fix the permission denied error, verify that your Docker Engine is running. Similar to running a docker command without the sudo command, a stopped Docker Engine triggers the permission denied error. How do you fix the error? By restarting your Docker engine.
To verify the Docker Engine’s state (status docker) and if it is operating, use the systemctl command below.
sudo systemctl status docker
A returned status of active (running) indicates that the Docker Engine is up and running.
Docker Engine status is shown.
Run the systemctl command below to start the Docker Engine if it isn’t already running (start docker).
sudo systemctl start docker
Now, run the hello-world Docker command as you did in the “Docker Commands at a Higher Level” section to verify that the error is resolved.
sudo docker run hello-world
Adding a User Account with Non-Root User Access to a Group
You’ve double-checked that your Docker engine is up and running, but you’re still receiving a Docker permission denied error? If that’s the case, you’ll need to assign your user account to a group that doesn’t have root access. Why? Because any Docker command run on a Linux computer by a user who is not part of the user group will result in a permission denied error.
1. To create a new group named docker, use the groupadd command. Enter your password when prompted to continue.
If the docker group already exists, the result will look like this.
Making a New Group Called “docker”
2. Then, using the -aG parameters, execute the usermod command below to add your user account (programmer) to the (docker) group. This command gives your user account access to Docker as a non-root user.
sudo usermod -aG docker programmer
3. Change the current real group ID to the docker group using the newgrp command.
Each time you wish to start Docker as a non-root user, use this command.
4. Finally, run the hello-world Docker image again to make sure the problem is gone. If you’re still receiving an error at this stage, try giving the docker.sock file additional access. The docker.sock file is a UNIX socket that the Docker daemon listens on as the Docker API’s entry point. It’s a mechanism for the user and the system to exchange process information.
To allow all users read/write (666) access to the /var/run/docker.sock file, perform the chmod command below. To test whether the problem has been addressed, run the hello-world Docker image again.
sudo chmod 666 /var/run/docker.sock
Docker Service Unit File Editing
If launching Docker as a non-root user does not solve the problem, consider changing the Docker systemd service unit file. The Docker service file includes sensitive options that might change the Docker daemon’s behavior. You can alter the service’s default behavior by adding extra directives to the unit file.
1. Open the Docker service unit file in your preferred text editor using the command below. The Docker service file opens in the nano text editor in this example.
sudo nano /usr/lib/systemd/system/docker.service
2. Inside the Docker service unit file, look for the [Service] header, as shown below. Copy and paste the directives below into the Docker service unit file, then save the changes.
The SupplementaryGroups directive establishes the supplementary Unix groups where the processes are run in the example below. Simultaneously, the ExecStartPost directive cleans up actions that are performed even if the service fails to start up properly.
ExecStartPost=/bin/chmod 666 /var/run/docker.sock
SupplementaryGroups=docker
3. Now, restart and enable the Docker service using the commands below. This restarts the Docker service and prevents issues while running Docker commands.
# Reloads all the Docker unit files and recreates the entire dependency tree.
sudo systemctl daemon-reload
# Starts the Docker service.
sudo systemctl start docker
# Enables the Docker service on your computer.
sudo systemctl enable docker
4. Finally, run the hello-world Docker image again to verify whether the permission denied issue still occurs.
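The three changes above (docker group membership, mode 666 on docker.sock, and the ExecStartPost line in the unit file) all widen who can talk to the Docker daemon, which runs as root. The following read-only audit is an added example, not part of the original tutorial; its function names are illustrative, and it assumes GNU stat and the default Ubuntu paths used in this article.

```shell
#!/bin/sh
# Added example: read-only audit of the three settings changed above.
# Assumes GNU stat (Ubuntu). Function names are illustrative.

# True (0) if the path's "other" permission digit includes write.
is_world_writable() {
  mode=$(stat -c '%a' "$1") || return 2
  case "${mode#"${mode%?}"}" in
    2|3|6|7) return 0 ;;
    *) return 1 ;;
  esac
}

# Print one docker-group member per line from a group file.
docker_group_members() {
  awk -F: '$1 == "docker" { print $4 }' "${1:-/etc/group}" |
    tr ',' '\n' | sed '/^$/d'
}

# True (0) if a unit file chmods the socket world-writable after start.
unit_opens_socket() {
  grep -Eq '^[[:space:]]*ExecStartPost=.*chmod[[:space:]]+[0-7]*[2367][[:space:]]+/(var/)?run/docker\.sock' "$1"
}

# Print FINDING/REVIEW lines for a socket, group file and unit file.
audit() {
  sock=$1; groupfile=$2; unit=$3
  if [ -e "$sock" ] && is_world_writable "$sock"; then
    echo "FINDING: $sock is world-writable"
  fi
  if [ -r "$groupfile" ]; then
    for u in $(docker_group_members "$groupfile"); do
      echo "REVIEW: $u is in the docker group"
    done
  fi
  if [ -r "$unit" ] && unit_opens_socket "$unit"; then
    echo "FINDING: $unit re-applies a world-writable socket mode at each start"
  fi
  return 0
}

audit /var/run/docker.sock /etc/group /usr/lib/systemd/system/docker.service
```

A FINDING line means every local account can reach the daemon through the socket; a REVIEW line lists an account that can do so through group membership.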
Using Privileged Mode with Docker
Last but not least, running Docker in privileged mode is one of the solutions to the Docker permission denied problem. This gives a Docker container root privileges on the system.
Running Docker in privileged mode is dangerous and leaves the system open to attack. So use caution and only run Docker in privileged mode if you’re certain you know what you’re doing.
1. To acquire the ID of the container you wish to launch, execute the command below to list all Docker containers on your system.
All Docker Containers in the System are listed here.
2. Check whether the container you wish to start is already in privileged mode using the docker inspect command (--format='{{.HostConfig.Privileged}}'). Replace CONTAINER_ID with the container ID you recorded in step one.
docker inspect --format='{{.HostConfig.Privileged}}' CONTAINER_ID
The command returns a true value to the console if the container is in privileged mode. Continue to the next step if the command returns a false value, as illustrated below.
Checking for Privileged Mode in a Container
3. Finally, to launch the Docker container in privileged mode, use the docker command below (--privileged hello-world).
sudo docker run --privileged hello-world
You’ve learned how to fix the Docker permission denied problem in a variety of ways throughout this article, including using elevated commands and running Docker in privileged mode.
Now that you know how to avoid errors while developing Docker-based apps, do you want to keep your Docker images clean at all times?
Docker Image Prune Can Help You Manage Your Docker Images
If you are having problems with Docker, and you get a message like “dial unix /var/run/docker.sock: connect: permission denied“, then this is the cause of the problem.