Fix Docker daemon socket permission denied issue

Written by | 5 minutes read | Tags linux, docker | Comments

Docker is a tool to deploy an application as a container to run on the host operation system.

I installed Docker on my Ubuntu System with $ sudo apt install -y ( is a debian package for docker)

$ sudo apt install -y
  Reading state information... Done
  The following additional packages will be installed:
    bridge-utils containerd pigz runc ubuntu-fan
  Suggested packages:
    ifupdown aufs-tools btrfs-progs cgroupfs-mount | cgroup-lite debootstrap docker-doc rinse zfs-fuse | zfsutils
  The following NEW packages will be installed:
    bridge-utils containerd pigz runc ubuntu-fan
    0 upgraded, 6 newly installed, 0 to remove and 137 not upgraded.
    Need to get 74,2 MB of archives.
    After this operation, 360 MB of additional disk space will be used.
    Get:1 focal/universe amd64 pigz amd64 2.4-1 [57,4 kB]
    Get:2 focal/main amd64 bridge-utils amd64 1.6-2ubuntu1 [30,5 kB]
    Get:3 focal-updates/main amd64 runc amd64 1.0.1-0ubuntu2~20.04.1 [4.155 kB]
    Get:4 focal-updates/main amd64 containerd amd64 1.5.5-0ubuntu3~20.04.1 [33,0 MB]
    Get:5 focal-updates/universe amd64 amd64 20.10.7-0ubuntu5~20.04.2 [36,9 MB]
    Fetched 74,2 MB in 19s (3.870 kB/s)
    Preconfiguring packages ...
    Selecting previously unselected package pigz.
    (Reading database ... 558124 files and directories currently installed.)
    Preparing to unpack .../0-pigz_2.4-1_amd64.deb ...
    Unpacking pigz (2.4-1) ...
    Selecting previously unselected package bridge-utils.
    Preparing to unpack .../1-bridge-utils_1.6-2ubuntu1_amd64.deb ...
    Unpacking bridge-utils (1.6-2ubuntu1) ...
    Selecting previously unselected package runc.
    Preparing to unpack .../2-runc_1.0.1-0ubuntu2~20.04.1_amd64.deb ...
    Unpacking runc (1.0.1-0ubuntu2~20.04.1) ...
    Selecting previously unselected package containerd.
    Preparing to unpack .../3-containerd_1.5.5-0ubuntu3~20.04.1_amd64.deb ...
    Unpacking containerd (1.5.5-0ubuntu3~20.04.1) ...
    Selecting previously unselected package
    Preparing to unpack .../4-docker.io_20.10.7-0ubuntu5~20.04.2_amd64.deb ...
    Unpacking (20.10.7-0ubuntu5~20.04.2) ...
    Selecting previously unselected package ubuntu-fan.
    Preparing to unpack .../5-ubuntu-fan_0.12.13_all.deb ...
    Unpacking ubuntu-fan (0.12.13) ...
    Setting up runc (1.0.1-0ubuntu2~20.04.1) ...
    Setting up bridge-utils (1.6-2ubuntu1) ...
    Setting up pigz (2.4-1) ...
    Setting up containerd (1.5.5-0ubuntu3~20.04.1) ...
    Created symlink /etc/systemd/system/ → /lib/systemd/system/containerd.service.
    Setting up ubuntu-fan (0.12.13) ...
    Created symlink /etc/systemd/system/ → /lib/systemd/system/ubuntu-fan.service.
    Setting up (20.10.7-0ubuntu5~20.04.2) ...
    Adding group `docker' (GID 138) ...
    Created symlink /etc/systemd/system/ → /lib/systemd/system/docker.service.
    Created symlink /etc/systemd/system/ → /lib/systemd/system/docker.socket.
    Processing triggers for systemd (245.4-4ubuntu3.11) ...
    Processing triggers for man-db (2.9.1-1) ...

In order to verify my installation I run $ docker run hello-world and got the following error:

  docker: Got permission denied while trying to connect to the Docker daemon socket at
  unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.40/containers/create: dial unix
  /var/run/docker.sock: connect: permission denied.

Temporary socket fix

Make the docker.sock writable for all owner within your system

$ sudo chmod 666 /var/run/docker.sock

And try to run the hello-world example again:

$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
2db29710123e: Already exists
Digest: sha256:faa03e786c97f07ef34423fccceeec2398ec8a5759259f94d99078f264e9d7af
Status: Downloaded newer image for hello-world:latest

Hello from Docker!


But the next time you reboot your machine, you will have the same error again. Why? Because files in /var/run always change after a reboot.

Time for a permanent solution

If you check clearly the installation instructions on the top you can see that the group docker was created.

    Setting up (20.10.7-0ubuntu5~20.04.2) ...
    Adding group `docker' (GID 138) ...

You can check the group via:

$ getent group docker

And if I check if the groups of my user:

$ groups ${USER}
wm : wm adm cdrom sudo dip plugdev lpadmin lxd sambashare

I see that my user is not in the docker group. Let’s add it:

$ sudo usermod -aG docker ${USER}

And showing the groups again:

$ groups ${USER}
wm : wm adm cdrom sudo dip plugdev lpadmin lxd sambashare docker