This tutorial I will show you how to enter docker command without using sudo command on Ubuntu Linux machine.
If you use Docker for testing and development on your local machine, you probably experienced of those messages.
$ docker run hello-world Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.27/containers/json: dial unix /var/run/docker.sock: connect: permission denied
You would probably circumvent this by using sudo before docker command or logging as root using su. But it does not have to be that way. It is possible to run as normal user, and there are two ways. One is to add your user to docker group and another is to allow it to write to Unix socket used by docker. We are going to show both ways to do this in on Ubuntu 18.04 LTS.
1) Adding user to the docker group
Create new group if it does not exist. This command will likely fail as group maybe already exist, but let's run it anyways.
sudo groupadd docker
Next we need to add current user to the group.
sudo gpasswd -a $USER docker
If you don't want to add currently logged in user, but instead some other, you change $USER for the username of that user. Note that user must be allowed to use sudo.
Lastly we need to reload shell in order to have new group settings applied. For this you can reboot or you can log out and log back in, but both are nuke approaches when you actually want something more subtle so lets instead do this command
newgrp docker
Now we are ready to run docker test program without sudo
docker run hello-world Unable to find image 'hello-world:latest' locally latest: Pulling from library/hello-world ca4f61b1923c: Pull complete Digest: sha256:97ce6fa4b6cdc0790cda65fe7290b74cfebd9fa0c9b8c38e979330d547d22ce1 Status: Downloaded newer image for hello-world:latest Hello from Docker! This message shows that your installation appears to be working correctly.
2) ACL lists
There is another way to do this, and that is ACL lists.
Still logged in as sudoer user we need to run this command
sudo setfacl -m user:bobby:rw /var/run/docker.sock
Off course, change bobby for your actual user who you want to use docker.
Now you can log in as this user.
su bobby
Now we can use docker, for example enter this command
docker ps
It should list containers if you have some. If not, at least it won't show you permission denied error.
Read Also :
That is it, two ways to have docker without sudo. It will save you typing and make using docker faster. Thank you for reading, and let us know in the comments if know any other options.
Hello Mihajlo,
Letting users (or yourself) use docker without sudo is a security risk, which needs to be understood beforehand since it allows you to gain root privileges very easily.
Any code you execute as your local user can gain root privileges without you knowing, and this is not something people usually know.
I wrote a blog post about this risk: https://medium.com/@msuixo/linux-users-running-docker-without-sudo-is-dangerous-3e5c5654abea