I installed Docker in my machine where I have Ubuntu OS.

When I run:

我在安装了Ubuntu操作系统的机器上安装了Docker。当我跑步的时候：

sudo docker run hello-world

All is ok, but I want to hide the sudo command to make the command shorter.

If I write the command without sudo

一切正常，但我想隐藏sudo命令以使该命令更短。如果我不使用sudo来编写命令

docker run hello-world

That displays the following:

这将显示以下内容：

docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.35/containers/create: dial unix /var/run/docker.sock: connect: permission denied. See 'docker run --help'.

The same happens when I try to run:

当我试图逃跑时，同样的情况也会发生：

docker-compose up

How can I resolve this?

我怎么才能解决这个问题呢？

优秀答案推荐

If you want to run docker as non-root user then you need to add it to the docker group.

如果要以非超级用户身份运行docker，则需要将其添加到docker组。

1. Create the docker group if it does not exist

$ sudo groupadd docker

2. Add your user to the docker group.

$ sudo usermod -aG docker $USER

3. Log in to the new docker group (to avoid having to log out / log in again; but if not enough, try to reboot):

$ newgrp docker

4. Check if docker can be run without root

$ docker run hello-world

Reboot if still got error

如果仍出现错误，请重新启动

$ reboot

Warning

警告

The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface..

Taken from the docker official documentation:
manage-docker-as-a-non-root-user

摘自docker官方文档：以非超级用户身份管理docker

After an upgrade I got the permission denied.
Doing the steps of 'mkb' post install steps don't have change anything because my user was already in the 'docker' group; I retry-it twice any way without success.

升级后，我的许可被拒绝了。执行‘mkb’安装后步骤不会有任何改变，因为我的用户已经在‘docker’组中；我重试了-无论如何都没有成功。

After an search hour this following solution finaly worked :

搜索了一个小时后，以下解决方案终于奏效了：

sudo chmod 666 /var/run/docker.sock

Solution came from Olshansk.

解决方案来自奥尔尚斯克。

Look like the upgrade have recreate the socket without enough permission for the 'docker' group.

看起来升级已经在没有足够权限的情况下重新创建了套接字，而不是‘docker’组。

Problems

This hard chmod open security hole and after each reboot, this error start again and again and you have to re-execute the above command each time. I want a solution once and for all. For that you have two problems :

这个硬chmod打开了安全漏洞，在每次重新启动后，这个错误一次又一次地开始，您每次都必须重新执行上面的命令。我要一个一劳永逸的解决方案。为此，你有两个问题：

• 1 ) Problem with SystemD : The socket will be create only with owner 'root' and group 'root'.

  1)系统D的问题：套接字将仅使用所有者‘根’和组‘根’创建。

  
  

  You can check this first problem with this command :

  您可以使用以下命令检查第一个问题：

  
  

  ls -l /lib/systemd/system/docker.socket
  

  
  

  If every this is good, you should see 'root/docker' not 'root/root'.

  如果这一切都很好，你应该看到‘根/docker’而不是‘根/根’。

  
  



• 2 ) Problem with graphical Login : https://superuser.com/questions/1348196/why-my-linux-account-only-belongs-to-one-group

  2)图形登录问题：https://superuser.com/questions/1348196/why-my-linux-account-only-belongs-to-one-group

  
  

  You can check this second problem with this command :

  您可以使用以下命令检查第二个问题：

  
  

  groups
  

  
  

  If everything is correct you should see the docker group in the list.
  If not try the command

  如果一切正常，您应该会在列表中看到扩展坞组。如果没有，请尝试执行以下命令

  
  

  sudo su $USER  -c groups
  

  
  

  if you see then the docker group it is because of the bug.

  如果你看到当时的对接站群，那就是因为这个错误。

  
  

Solutions

If you manage to to get a workaround for the graphical login, this should do the job :

如果您设法获得了图形登录的解决方法，这应该可以完成以下工作：

sudo chgrp docker /lib/systemd/system/docker.socket
sudo chmod g+w /lib/systemd/system/docker.socket

But If you can't manage this bug, a not so bad solution could be this :

但如果你不能控制这个漏洞，一个不错的解决方案可能是这样的：

sudo chgrp $USER /lib/systemd/system/docker.socket
sudo chmod g+w /lib/systemd/system/docker.socket

This work because you are in a graphical environnement and probably the only user on your computer.
In both case you need a reboot (or sudo chmod 666 /var/run/docker.sock)

这是因为您处于图形化环境中，而且可能是您计算机上的唯一用户。在这两种情况下，您都需要重新启动(或sudo chmod 666/var/run/docker.sock)

1. Add current user to docker group

sudo usermod -aG docker $USER

2. Change the permissions of docker socket to be able to connect
   to the docker daemon /var/run/docker.sock

sudo chmod 666 /var/run/docker.sock

1. Add docker group

$ sudo groupadd docker

2. Add your current user to docker group

$ sudo usermod -aG docker $USER

3. Switch session to docker group

$ newgrp - docker

4. Run an example to test

$ docker run hello-world

I solve this error with the command :

我用以下命令解决了这个错误：

$ sudo chmod 666 /var/run/docker.sock

If creating a docker group and adding your user to it doesn't work (the best solution, described in the previous answers), then this one is the second best alternative:

如果创建扩展坞组并将您的用户添加到其中不起作用(最好的解决方案，如前面的答案所述)，则此解决方案是次佳替代方案：

sudo chown $USER /var/run/docker.sock 

What it does is changing the ownership of the docker.sock file to your user.

它所做的是将docker.sock文件的所有权更改为您的用户。

Note: It's a really bad practice to use chmod 666, because it gives permissions to practically everyone to access and modify the docker.sock file.

注意：使用chmod 666是一种非常糟糕的做法，因为它授予几乎所有人访问和修改docker.sock文件的权限。

It only requires the changes in permission of sock file.

只需要更改SOCK文件的权限即可。

sudo chmod 666 /var/run/docker.sock

this will work definitely.

这肯定会奏效的。

Fix Docker Issue: (Permission denied)

• Create the docker group if it does not exist: sudo groupadd docker


• See number of super users in the available system: grep -Po '^sudo.+:\K.*$' /etc/group


• Export the user in linux command shell: export USER=demoUser


• Add user to the docker group: sudo usermod -aG docker $USER


• Run the following command/ Login or logout: newgrp docker


• Check if docker runs ok or not: docker run hello-world


• Reboot if you still get an error: reboot

If it does not work, run this command:

sudo chmod 660 /var/run/docker.sock

Sudo chmod 660/var/run/docker.sock

You can always try Manage Docker as a non-root user paragraph in the https://docs.docker.com/install/linux/linux-postinstall/ docs.

您可以随时尝试在https://docs.docker.com/install/linux/linux-postinstall/文档中以非根用户段落的身份管理Docker。

After doing this also if the problem persists then you can run the following command to solve it:

完成此操作后，如果问题仍然存在，则可以运行以下命令来解决该问题：

sudo chmod 666 /var/run/docker.sock

We always forget about ACLs . See setfacl.

我们总是忘记ACL。请参见setfacl。

sudo setfacl -m user:$USER:rw /var/run/docker.sock`**

To fix that issue, I searched where is my docker and docker-compose installed. In my case, docker was installed in /usr/bin/docker and docker-compose was installed in /usr/local/bin/docker-compose path. Then, I write this in my terminal:

为了解决这个问题，我搜索了我的Docker和Docker-Compose的安装位置。在我的例子中，docker安装在/usr/bin/docker中，docker-compose安装在/usr/local/bin/docker-compose路径中。然后，我在我的终端中写道：

To docker:

对接：

sudo chmod +x /usr/bin/docker

To docker-compose:

对接-撰写：

sudo chmod +x /usr/local/bin/docker-compose

Now I don't need write in my commands docker the word sudo

现在我不需要在我的命令中写入单词sudo

/***********************************************************************/

/***********************************************************************/

ERRATA:

勘误表：

The best solution of this issue was commented by @mkasberg. I quote comment:

这个问题的最佳解决方案由@mkasberg评论。我引用以下评论：

That might work, you might run into issues down the road. Also, it's a security vulnerability. You'd be better off just adding yourself to the docker group, as the docs say. sudo groupadd docker, sudo usermod -aG docker $USER.
Docs: https://docs.docker.com/install/linux/linux-postinstall/

这可能会奏效，但你可能会在未来遇到问题。此外，这也是一个安全漏洞。你最好像医生说的那样，把自己加入码头小组。Sudo groupadd docker，sudo usermod-AG docker$user。文档：https://docs.docker.com/install/linux/linux-postinstall/

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.40/images/json: dial unix /var/run/docker.sock: connect: permission denied

sudo chmod 666 /var/run/docker.sock

This fix my problem.

这解决了我的问题。

ubuntu 21.04 systemd socket ownership

Let me preface, this was a perfectly suitable solution for me during local development and I got here searching for ubuntu docker permission error so i'll just leave this here.

让我开始吧，在本地开发期间，这是一个非常适合我的解决方案，我来到这里是为了寻找ubuntu docker权限错误，所以我就把这个留在这里。

I didn't own the unix socket, so I chowned it.

我不拥有Unix套接字，所以我拥有它。

sudo chown $(whoami):$(whoami) /var/run/docker.sock

Another, more permanent solution for your dev environment, is to modify the user ownership of the unix socket creation. This will give your user the ownership, so it'll stick between restarts:

对于您的开发环境，另一个更持久的解决方案是修改Unix套接字创建的用户所有权。这将使您的用户拥有所有权，因此它将在重新启动之间保持不变：

sudo nano /etc/systemd/system/sockets.target.wants/docker.socket

docker.socket:

docker.socket:

[Unit]
Description=Docker Socket for the API

[Socket]
ListenStream=/var/run/docker.sock
SocketMode=0660
SocketUser=YOUR_USERNAME_HERE
SocketGroup=docker

[Install]
WantedBy=sockets.target

Seriously guys. Do not add Docker in your groups or modify the socket posix (without a hardening SELinux), it's a simple way to make a root privesc. Just add an alias in your .bashrc. It's simpler and safer as: alias dc='sudo docker'.

说真的，伙计们。不要在群中添加Docker或修改套接字POSIX(没有加强SELinux)，这是创建根隐私的简单方法。只需在.bashrc中添加别名即可。它更简单也更安全，因为：alias dc=‘sudo docker’。

lightdm and kwallet ship with a bug that seems to not pass the supplementary groups at login. To solve this, I also, beside sudo usermod -aG docker $USER, had to comment out

Lightdm和kwallet附带了一个错误，在登录时似乎无法通过补充组。为了解决这个问题，除了sudo usermod-AG docker$user之外，我还必须注释掉

auth optional pam_kwallet.so
auth optional pam_kwallet5.so

to

至

#auth optional pam_kwallet.so
#auth optional pam_kwallet5.so

in /etc/pam.d/lightdm before rebooting, for the docker-group to actually have effect.

在重启前在/etc/pam.d/lightdm中，为了使扩展坞组真正生效。

bug: https://bugs.launchpad.net/lightdm/+bug/1781418 and here: https://bugzilla.redhat.com/show_bug.cgi?id=1581495

错误：https://bugs.launchpad.net/lightdm/+bug/1781418和此处：https://bugzilla.redhat.com/show_bug.cgi?id=1581495

you can follow these steps and this will work for you:

您可以按照以下步骤操作，这将对您起作用：

1. create a docker group sudo groupadd docker


2. add your user to this group sudo usermod -aG docker $USER


3. list the groups to make sure that docker group created successfully by running this command groups


4. run the following command also to change the session for docker group newgrp docker


5. change the group ownership for file docker.socksudo chown root:docker /var/run/docker.sock


6. change the ownership for .docker directory sudo chown "$USER":"$USER" /home/"$USER"/.docker -R


7. finally sudo chmod g+rwx "$HOME/.docker" -R

After that test you can run docker ps -a

在测试之后，您可以运行docker ps-a

This work for me:

这对我很管用：

Get inside the container and modify the file's ACL

进入容器并修改文件的ACL

sudo usermod -aG docker $USER
sudo setfacl --modify user:$USER:rw /var/run/docker.sock

It's a better solution than use chmod.

这是一个比使用chmod更好的解决方案。

use this command

使用此命令

sudo usermod -aG docker $USER

then restart your computer this worked for me.

然后重启你的电脑，这对我很管用。

Rebooting the machine worked for me.

重新启动机器对我起作用了。

$ reboot

I ran into a similar problem as well, but where the container I wanted to create needed to mount /var/run/docker.sock as a volume (Portainer Agent), while running it all under a different namespace. Normally a container does not care about which namespace it is started in -- that is sort of the point -- but since access was made from a different namespace, this had to be circumvented.

我也遇到了类似的问题，但是我想要创建的容器需要将/var/run/docker.sock作为卷(Portainer代理)挂载，同时在不同的名称空间下运行它。通常，容器不关心它是从哪个名称空间开始的--这在某种程度上是关键所在--但由于访问是从不同的名称空间进行的，因此必须绕过这一点。

Adding --userns=host to the run command for the container enabled it to use the attain the correct permissions.

将--userns=host添加到容器的run命令使其能够使用获得正确的权限。

Quite a specific use case, but after more research hours than I want to admit I just thought I should share it with the world if someone else ends up in this situation :)

这是一个非常具体的用例，但在研究了比我想承认的更多的时间后，我只是想，如果其他人陷入这种情况，我应该与世界分享它：)

i try this commend with sudo commend and it was ok.sudo docker pull hello-world or sudo docker run hello-world

我试着用sudo complomate来推荐它，它是可以的。sudo docker拉Hello-world或sudo docker run Hello-world

In the Linux environment, after installing docker and docker-compose reboot is required for work docker better to avoid this issue.

在Linux环境下，安装了docker和docker后，需要重新启动以更好地工作docker以避免此问题。

$ sudo systemctl restart docker

It is definitely not the case the question was about, but as it is the first search result while googling the error message, I'll leave it here.

问题肯定不是这样的，但由于这是谷歌搜索错误消息时的第一个搜索结果，我将把它留在这里。

First of all, check if docker service is running using the following command:

首先，使用以下命令检查docker服务是否正在运行：

systemctl status docker.service

系统ctl状态docker.service

If it is not running, try starting it:

如果它没有运行，请尝试启动它：

sudo systemctl start docker.service

Sudo system ctl启动docker.service

... and check the status again:

..。并再次检查状态：

systemctl status docker.service

系统ctl状态docker.service

If it has not started, investigate the reason. Probably, you have modified a config file and made an error (like I did while modifying /etc/docker/daemon.json)

如果尚未启动，请调查原因。您可能已经修改了配置文件并犯了错误(就像我在修改/etc/docker/daemon.json时所做的那样)

The Docker daemon binds to a Unix socket instead of a TCP port.
By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.

Docker守护程序绑定到Unix套接字，而不是TCP端口。默认情况下，该Unix套接字由用户根拥有，其他用户只能使用sudo访问它。Docker守护进程始终以根用户身份运行。

If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.

如果您不想在docker命令前面加上sudo，请创建一个名为docker的Unix组并向其中添加用户。当Docker守护进程启动时，它会创建一个可由Docker组的成员访问的Unix套接字。

To create the docker group and add your user:

要创建扩展坞组并添加用户，请执行以下操作：

1. Create the docker group

   
   

    sudo groupadd docker
   

   
   



2. Add your user to the docker group

   
   

    sudo usermod -aG docker $USER
   

   
   



3. Log out and log back in so that your group membership is re-evaluated.

   
   

   If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect.

   
   

   On a desktop Linux environment such as X Windows, log out of your session completely and then log back in.

   
   

   On Linux, you can also run the following command to activate the changes to groups:

   
   

    newgrp docker 
   

   
   



4. Verify that you can run docker commands without sudo. The below command downloads a test image and runs it in a container. When the container runs, it prints an informational message and exits

   
   

   docker run hello-world
   

   
   

If you initially ran Docker CLI commands using sudo before adding your user to the docker group, you may see the following error, which indicates that your ~/.docker/ directory was created with incorrect permissions due to the sudo commands.

如果在将用户添加到停靠组之前最初使用sudo运行Docker CLI命令，您可能会看到以下错误，这表明您的~/.docker/目录是由于sudo命令而使用不正确的权限创建的。

   WARNING: Error loading config file: /home/user/.docker/config.json -
   stat /home/user/.docker/config.json: permission denied

To fix this problem, either remove the ~/.docker/ directory (it is recreated automatically, but any custom settings are lost), or change its ownership and permissions using the following commands:

要解决此问题，请删除~/.docker/目录(它是自动重新创建的，但所有自定义设置都会丢失)，或者使用以下命令更改其所有权和权限：

sudo chown "$USER":"$USER" /home/"$USER"/.docker -R

sudo chmod g+rwx "$HOME/.docker" -R

All other post installation steps for docker on linux can be found here https://docs.docker.com/engine/install/linux-postinstall/

在linux上使用docker的所有其他安装后步骤都可以在这里找到https://docs.docker.com/engine/install/linux-postinstall/

I tried all the described methods and nothing helped to solve the problem. The solution was to use the --use-drivers parameter when running selenoid and selenoid-ui. Below is the full listing of my Dockerfile.

我尝试了所有描述的方法，但都不能解决问题。解决方案是在运行selenio和selenid-ui时使用--use-drives参数。下面是我的Dockerfile的完整列表。

FROM selenoid/chrome
USER root
RUN apt-get update
RUN apt-get -y install docker.io
RUN curl -s https://aerokube.com/cm/bash | bash
RUN ./cm selenoid start --vnc --use-drivers
RUN ./cm selenoid-ui start --use-drivers
EXPOSE 4444 8080
CMD ["-conf", "/etc/selenoid/browsers.json", "-video-output-dir", "/opt/selenoid/video/"]

In my case it was the process itself (CI server agent) that was trying to run a docker command wasn't able to run it, but when I tried to run same command from within the same user it worked.

在我的例子中，试图运行docker命令的进程本身(CI服务器代理)无法运行它，但当我试图从同一用户内部运行相同的命令时，它起作用了。

Restarting the daemon that runs CI server agent solved the problem.

重新启动运行CI服务器代理的后台进程解决了该问题。

The reason why command wasn't working from within agent before is because the agent was running before I installed docker and granted docker group permissions, and agent process used cached old permissions and was failing. Restarting the process dropped the cache and make things work out.

以前命令在代理中不起作用的原因是，在我安装docker并授予docker组权限之前，代理正在运行，并且代理进程使用缓存的旧权限并且失败。重新启动进程会丢弃缓存，并使问题得到解决。

As a shortest answer for linux user ->

作为对Linux用户的最简短回答->

Simply try any command as super user with "sudo"

只需以超级用户身份使用“sudo”尝试任何命令

Eg:- sudo docker-compose up

例句：-sudo docker-化妆

Adding answer here for future reference:

(This is the cause and what solved it for my use case)

在这里添加答案以供将来参考：(这是原因，也是我的用例解决它的原因)

This happens when your Unix user account lacks permission to interact with the socket that exposes the Docker API. Adding yourself to the docker group is the best practice way to resolve this problem:

当您的Unix用户帐户没有与公开Docker API的套接字交互的权限时，就会发生这种情况。将您自己添加到扩展坞组是解决此问题的最佳实践方法：

$ sudo usermod -aG docker $USER

$sudo Usermod-AG docker$USER

You'll need to open a new shell window or logout and back in again for this change to take effect.

要使此更改生效，您需要打开一个新的外壳窗口或注销后再重新登录。

Source

来源

If the user was already in the 'docker' group; try to give permission
to /var/run/docker.sock file
sudo chmod 666 /var/run/docker.sock
it will work

如果用户已经在‘docker’组中；尝试向/var/run/docker.sock文件sudo chmod 666/var/run/docker.sock授予权限，它将正常工作

Docker already created a guide to Run the Docker daemon as a non-root user (Rootless mode).

Docker已经创建了以非根用户身份(无根模式)运行Docker守护进程的指南。

Rootless mode allows running the Docker daemon and containers as a non-root user to mitigate potential vulnerabilities in the daemon and the container runtime.