Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
R

43

547

I am new to Docker. I just tried to use Docker on my local machine (Ubuntu 16.04) with Jenkins.

I configured a new job with the pipeline script below.

node {
    stage('Build') {
      docker.image('maven:3.3.3').inside {
        sh 'mvn --version'
      }
    }
}

But it fails with this error:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock


Rogerson answered 17/12, 2017 at 11:8 Comment(4)
is it a monolithic Jenkins or has a master-slave setup? Check with which user you are executing the docker inspect command. See if /var/run/docker.sock has RW access to group.Foundling
Possible duplicate of Got permission denied while trying to connect to the Docker daemon socket while executing docker stopMatta
docker post-installation steps: docs.docker.com/install/linux/linux-postinstall/…Alodi
I had a similar problem. Those resources were helpful: linuxhandbook.com/docker-permission-denied and techoverflow.net/2018/12/15/…Mishamishaan
S
912

If using jenkins

The user jenkins needs to be added to the group docker:

sudo usermod -a -G docker jenkins

Then restart Jenkins.

Otherwise

If you arrive at this Stack Overflow question because you receive this message from docker but you don't use jenkins, most probably the error is the same: your unprivileged user does not belong to the docker group.

You can do:

sudo usermod -a -G docker $USER

You can check it was successful by doing grep docker /etc/group and see something like this:

docker:x:998:[user]

in one of the lines.

Then change your user's group ID to docker (to avoid having to log out and log in again):

newgrp docker
Solution answered 25/1, 2018 at 19:14 Comment(22)
and relogin userEpley
Nice answer, but to be more general we could do this: sudo usermod -a -G docker $USER and logout or reboot. linkUrban
@JulienNyambal That adds the user that's running the command to the docker group. In this case that's not what's wanted since Jenkins is its own user and Jenkins is what needs access to docker.Cyprio
I had to restart my server for this to actually work.Nonconformance
I had to disconnect/reconnect my nodes for this to work (they are connected over ssh)Seditious
Probably worth highlighting that without restart the changes will likely not take effect.Regent
No need to login again, just use newgrp docker instead in the same terminal session.Voe
service jenkins restart solved my docker socket problem while restarting from browser did not.Fleeting
restart jenkins from command line ' sudo service jenkins restart ' not from ' ip:port/restart 'Impower
If you're running Jenkins inside a docker container just run groupadd docker && usermod -a -G docker jenkins inside your Dockerfile, like thisBroadfaced
in centos I found the user dockerroot not docker.Flanch
If running Jenkins inside docker, make sure the GIDs of 'docker' groups on container and on host are the same. E.g. groupadd -g 109 docker, where 109 is the GID on host (check it with grep docker /etc/group)Frisette
Note: I had to run sudo service jenkins restart for the permission changes to take effect. Restarting Jenkins through its web interface is not enough.Julietajulietta
I also had to log out of the other user accounts on the computer for this to workEventually
You may also have to restart docker. The docker.sock file's group is set to root if the docker group doesn't exist. So after creating the group, you need to restart docker to get to use the new group for the socket.Hade
None of these solutions worked for me. Restarting the system and docker multiple times after applying these permissions and trying others still doesn't resolve the problem.Sheridansherie
sudo /usr/bin/usermod -a -G docker [user] One might want to give full classpath of usermod, if it's not added in your path.Dniren
After running sudo -a -G docker [user] command, I restarted my computer and it worked :-) (NOTE: It didn't work unless I reset it.)Bicephalous
sudo usermod -a -G docker jenkins and service jenkins restart will work as @Solution mentionedFireplug
In my case line docker:x:998:[user] was already in the file but with docker:x:995:[user] and the command did not update it. I did it manually, and everything worked as expected.Zoraidazorana
I am using Azure DevOps to run the pipeline. How would I know which user to add to the docker group?Lundberg
It stops working when I close/reopen terminalMarotta
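The comments above disagree on whether a re-login, a service restart or a reboot is needed; what matters is whether the group database was changed and whether the failing process started before that change, because supplementary groups are read when a session or service starts. This script is an added example, not code from any poster in this thread, and it tells those cases apart; the function names and the sample group file are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): classify why a user still gets
# "permission denied" on /var/run/docker.sock after the usermod fix.

# Print the member list (4th field) of GROUP in an /etc/group-format FILE.
# Exit status 1 if the group has no entry at all.
group_members() {
    awk -F: -v g="$1" '$1 == g { print $4; found = 1 } END { exit !found }' "$2"
}

# docker_group_state USER GROUP_FILE SESSION_GROUPS
#   SESSION_GROUPS is the output of `id -nG` taken in the failing session.
# Prints one of: no-group | not-member | stale-session | ok
# Limitation: only the member list is checked, not a primary group of docker.
docker_group_state() {
    user=$1 file=$2 session=$3
    members=$(group_members docker "$file") || { echo no-group; return 0; }
    case ",$members," in
        *",$user,"*) ;;                      # listed in the group database
        *) echo not-member; return 0 ;;      # usermod -aG was never applied
    esac
    case " $session " in
        *" docker "*) echo ok ;;
        *) echo stale-session ;;             # process started before usermod
    esac
}

# Constructed sample: a group file after `usermod -a -G docker jenkins`.
SAMPLE_GROUP=$(mktemp)
trap 'rm -f "$SAMPLE_GROUP"' EXIT
cat > "$SAMPLE_GROUP" <<'EOF'
root:x:0:
docker:x:998:alice,jenkins
jenkins:x:125:
EOF

# jenkins is in the database, but the running service still has its old groups.
echo "jenkins, service not restarted: $(docker_group_state jenkins "$SAMPLE_GROUP" "jenkins")"
echo "jenkins, after restart:         $(docker_group_state jenkins "$SAMPLE_GROUP" "jenkins docker")"
echo "bob, never added:               $(docker_group_state bob "$SAMPLE_GROUP" "bob sudo")"

# On a real host: docker_group_state "$(id -un)" /etc/group "$(id -nG)"
```

A `stale-session` result means the usermod step worked and only the process needs restarting; `no-group` and `not-member` mean the group database itself still needs the change.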
M
252

My first solution was:

usermod -aG docker jenkins
usermod -aG root jenkins
chmod 664 /var/run/docker.sock

But none of them worked for me. I tried:

chmod 777 /var/run/docker.sock

That works, but I don't know if it is the right call.

Malia answered 19/3, 2018 at 13:34 Comment(12)
The reason why it failed is probably because you had to reopen the terminal. It failed after doing 664, but then I opened a new shell and it worked.Sladen
I tried reopening, but it started working only after the last chmod 777Suisse
the problem was that after reboot 777 was reset to 660. What fixed the problem for me was 'usermod -aG users jenkins'.Suisse
I realize it was reset, but do not set the docker.sock permissions to 777. This gives anyone root on your system. They are able to talk to docker and create privileged containers with no restrictions.Officer
Although this worked for the author and even for me, giving more access to the docker.sock file is not the best solution. You only need to execute the usermod ... instructions and then reboot your system, otherwise it doesn't take effect.Bluff
this also worked for me on ubuntu chmod 777 /var/run/docker.sockNalor
Granting the Docker socket a very open permission, like 777, is something you may want to avoid in Prod, by doing this, you are giving the permissions to any process or user to fully access Docker. You only need to add Jenkins user to Docker group and then restart your server, that's pretty much all what you need to do. HTH.Ayo
Giving full access permission on the socket may cause security problems.Equiangular
Don't ever do chmod 777 /var/run/docker.sock. Never. This gives anyone permission to use Docker on the machine; totally discouraged.Gravitt
I'd love to have an option other than chmod 777 but nothing else is working for me, even after multiple restarts and attempts to fix it.Sheridansherie
Better to try: chmod 666 /var/run/docker.sockSilvan
That's ubuntu 23.04 issue while apt install docker-composeRingo
T
122

Success for me

sudo usermod -a -G docker $USER
reboot
Train answered 4/10, 2018 at 12:40 Comment(8)
No need to reboot. Just log out then log in again. I am talking about usermodEsperanzaespial
On Ubuntu 18.04, I had to reboot for the setting to work.Bidet
On Ubuntu 20.04 I needed the reboot. Close session not enough.Vassar
Or run su ${USER} instead of logging outSchriever
I tried many of the suggestions here and elsewhere, and rebooting seems to have done the trick.Modeling
Ubuntu 22.10 : Rebooted and worked...!Galan
@goonerify's solution worked for me. I ran sudo usermod -a -G docker $USER and then su ${USER} and my Docker issues were fixed without needing to restart my VPS.Sacrifice
On Manjaro 23 re-login is not enough either. Only after the full restart I can run docker commands without sudoAspa
H
46

2018-08-19

I have been stuck for days on this one and as I haven't found a complete answer with the why and how, I will post one for other people that stumble on the same problem and answers from above do not work.

These are the 3 crucial steps when running Jenkins inside docker:

  1. You mount the socket /var/run/docker.sock to the jenkins container in order to be able to use the docker from the host.
  2. You have to install docker inside the container in order to use it. This is a great and simple article on how to do that. Note that newer versions might already have docker installed
  3. You run sudo usermod -a -G docker jenkins in order to add jenkins to the docker group. However, here you might run into a permission problem if the host docker and the container docker don't have the same group id so it is very important to adjust the container docker's gid to be the same as the host docker gid

You can do this as a part of a launch script or simply by using exec and doing it manually: groupmod -g <YOUR_HOST_DOCKER_GID> docker.

Also, do not change the permissions of /var/run/docker.sock to 777 or stuff like that, because that is a big security risk: you are basically giving everyone permission to use docker on your machine.

Hope this helps

Homegrown answered 19/8, 2018 at 20:29 Comment(8)
Thanks-- note that for the current Jenkins Docker images the docker commands are already installed (and apt-get is not.) Your other points-- adding Jenkins to the right group and ensuring the GID matches the one from the Docker host, remain spot on.Trundle
Saved my life with the group id problem. Thanks!Harrelson
When I try to add group inside jenkins container it fails as I need to be root. If I try su - it asks me for password. How are you adding group with right ID inside the jenkins container?Ciliolate
The default user in the container is determined by the parent image user but if you run a standard ubuntu image, it should be root and you shouldn't have any issues running a usermod command. How exactly did it fail? Can you provide and example command and error message?Homegrown
This should be a separate answer to a separate question asking the same thing but when running Jenkins inside a container. The groupmod command can/should be in the Dockerfile.Macaw
@UroshT. step2 only requires docker-ce-cli but not full docker. step3 is a little ambiguous. It's better to point out which env for the command to run.Epistrophe
See this for a more canonic way of doing thisGringo
Get the host gid of the docker socket with stat -c "%g" /var/run/docker.sockGringo
P
42

Change the access permission of the docker.sock file

chmod 777 /var/run/docker.sock

or you can use sudo at the start of the command.

chmod 777 will allow all actions for all users while chmod 666 will allow all users to read and write but cannot execute the file.

Pusillanimous answered 12/3, 2020 at 11:42 Comment(5)
chmod 777 /var/run/docker.sock worked for me I had this issue after installing from snapEmbarkment
is this a best practice?Hirsch
This is definitely not the best option due to security reasons, but worked for me.Milline
Of course it works because it gives everyone access. Best practice would be to create a group called docker and then sudo chown root:docker /var/run/docker.sock so that users in the docker group have access.Cant
Thank you! This is the only solution that worked for my after trying them all.Observable
A
31

This works for me in Ubuntu 20.04

sudo chmod 666 /var/run/docker.sock

Don't know what exactly it does but it solves the problem.

Appalling answered 25/8, 2021 at 10:33 Comment(3)
It's working fine, but when I reboot the system again it's not working.Der
This sets the socket readable and writable to everyone. Remember - 666 is the mark of the beast, and to be avoided for anything where security matters at all. It'll certainly fix THAT problem, but may bring you a bunch of bigger ones. :)Gabriel
@PaulHodges yeah. but it's a quick fix.Appalling
C
28

Method 01 :- Safer method

sudo usermod -aG docker ${USER}

To apply the new group membership, log out of the server and back in, or type the following:

su - ${USER}

You will be prompted to enter your user’s password to continue. Confirm that your user is now added to the docker group by typing:

id -nG

Method 02 :- Not recommended for public deployments (Unsafe)

chmod 777 /var/run/docker.sock

or use

sudo chown root:docker /var/run/docker.sock
Charleencharlemagne answered 28/8, 2020 at 0:11 Comment(7)
This was the only working solution for me!!Groundsill
Or else you can run it as sudoCharleencharlemagne
This solution will make docker insecure!!Unearned
Not recommended for public deployments.Charleencharlemagne
The answer has been edited to be more secure. @MohsenCharleencharlemagne
I don't know how to logout a system user, so, I restarted the Jenkins service. service jenkins restartHymenium
Drop your "Method 02" and add sudo chown root:docker /var/run/docker.sockCant
H
18

This is a very common permission issue and here is the Simple Solution:

Check what read-write permissions docker has:

ls -l /var/run/docker.sock

if above command says: srw-rw---- 1 root docker 0 Feb 17 12:48 /var/run/docker.sock

then we need to change the permissions:

sudo chmod 666 /var/run/docker.sock

and now if you will check permissions, it says: srw-rw-rw- 1 root docker 0 Feb 17 12:48 /var/run/docker.sock

in case you are curious what is 666?

permission to Read, Write and Execute [1st digit for owner, 2nd for group, 3rd for user], 666 is more secure than 777.

Houselights answered 17/2, 2023 at 7:56 Comment(2)
I up-voted this because you explained it simply. Now I have proven this was my underlying issue I can go ahead and implement a more secure way to gain the permission. Thanks.Telega
I down-voted this because it's a critical security error, and allows any local process to trivially take over the host.Eskill
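Added example, not part of any answer here: connecting to a Unix socket requires write permission on the socket file, so the modes quoted in the chmod answers on this page can be compared by who ends up holding the write bit. `socket_access` and `socket_finding` are hypothetical helper names, and the sample inputs are built from the listings and commands quoted on this page.

```shell
#!/bin/sh
# Added example (not from the thread): report who can open a Unix socket,
# given its octal mode, owner and group, for instance from
#   stat -c '%a %U %G' /var/run/docker.sock

# socket_access MODE OWNER GROUP
# Connecting needs the write bit; the execute bit plays no part.
# Prints: everyone | group:<name> | owner-only:<name>   (returns 2 on a bad mode)
socket_access() {
    mode=$1 owner=$2 group=$3
    case $mode in
        ''|*[!0-7]*) echo "bad mode: $mode" >&2; return 2 ;;
    esac
    bits=$((0$mode))                  # leading 0 makes the shell read octal
    if [ $((bits & 2)) -ne 0 ]; then  # o+w
        echo everyone                 # any local user or process
    elif [ $((bits & 16)) -ne 0 ]; then  # g+w
        echo "group:$group"
    else
        echo "owner-only:$owner"
    fi
}

# socket_finding MODE OWNER GROUP -> one-line verdict for an audit report
socket_finding() {
    access=$(socket_access "$@") || return 2
    case $access in
        everyone)     echo "FAIL world-writable: every local process can drive the daemon" ;;
        group:docker) echo "OK group docker: membership controls access" ;;
        group:root)   echo "WARN group is root: in practice only root can connect" ;;
        *)            echo "WARN non-default access: $access" ;;
    esac
}

# Constructed inputs, taken from the modes and listings quoted on this page.
for sample in "660 root docker" "664 root docker" "666 root docker" \
              "777 root docker" "660 root root"; do
    set -- $sample
    printf '%-16s %s\n' "$sample" "$(socket_finding "$@")"
done
```

Modes 666 and 777 produce the same finding, and 664 leaves access with the group, which is why that mode did not help the poster who tried it before 777.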
S
17

Simply adding docker as a supplementary group for the jenkins user

sudo usermod -a -G docker jenkins

is not always enough when using a Docker image as the Jenkins Agent. That is, if your Jenkinsfile starts with pipeline{agent{dockerfile or pipeline{agent{image:

pipeline {
    agent {
        dockerfile {
            filename 'Dockerfile.jenkinsAgent'
        }
    }
    stages {

This is because Jenkins performs a docker run command, which results in three problems.

  • The Agent will (probably) not have the Docker programs installed.
  • The Agent will not have access to the Docker daemon socket, and so will try to run Docker-in-Docker, which is not recommended.
  • Jenkins gives the numeric user ID and numeric group ID that the Agent should use. The Agent will not have any supplementary groups, because docker run does not do a login to the container (it's more like a sudo).

Installing Docker for the Agent

Making the Docker programs available within the Docker image simply requires running the Docker installation steps in your Dockerfile:

# Dockerfile.jenkinsAgent
FROM debian:stretch-backports
# Install Docker in the image, which adds a docker group
RUN apt-get -y update && \
 apt-get -y install \
   apt-transport-https \
   ca-certificates \
   curl \
   gnupg \
   lsb-release \
   software-properties-common

RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"

RUN apt-get -y update && \
 apt-get -y install \
   docker-ce \
   docker-ce-cli \
   containerd.io

...

Sharing the Docker daemon socket

As has been said before, fixing the second problem means running the Jenkins Docker container so it shares the Docker daemon socket with the Docker daemon that is outside the container. So you need to tell Jenkins to run the Docker container with that sharing, thus:

pipeline {
    agent {
        dockerfile {
            filename 'Dockerfile.jenkinsAgent'
            args '-v /var/run/docker.sock:/var/run/docker.sock'
        }
    }

Setting UIDs and GIDs

The ideal fix to the third problem would be to set up supplementary groups for the Agent. That does not seem possible. The only fix I'm aware of is to run the Agent with the Jenkins UID and the Docker GID (the socket has group write permission and is owned by root.docker). But in general, you do not know what those IDs are (they were allocated when the useradd ... jenkins and groupadd ... docker ran when Jenkins and Docker were installed on the host). And you cannot simply tell Jenkins to use user jenkins and group docker:

args '-v /var/run/docker.sock:/var/run/docker.sock -u jenkins:docker'

because that tells Docker to use the user and group that are named jenkins and docker within the image, and your Docker image probably does not have the jenkins user and group, and even if it did there would be no guarantee it would have the same UID and GID as the host, and there is similarly no guarantee that the docker GID is the same

Fortunately, Jenkins runs the docker build command for your Dockerfile in a script, so you can do some shell-script magic to pass through that information as Docker build arguments:

pipeline {
    agent {
        dockerfile {
            filename 'Dockerfile.jenkinsAgent'
            additionalBuildArgs  '--build-arg JENKINSUID=`id -u jenkins` --build-arg JENKINSGID=`id -g jenkins` --build-arg DOCKERGID=`stat -c %g /var/run/docker.sock`'
            args '-v /var/run/docker.sock:/var/run/docker.sock -u jenkins:docker'
        }
    }

That uses the id command to get the UID and GID of the jenkins user and the stat command to get information about the Docker socket.

Your Dockerfile can use that information to setup a jenkins user and docker group for the Agent, using groupadd, groupmod and useradd:

# Dockerfile.jenkinsAgent
FROM debian:stretch-backports
ARG JENKINSUID
ARG JENKINSGID
ARG DOCKERGID
...
# Install Docker in the image, which adds a docker group
RUN apt-get -y update && \
 apt-get -y install \
   apt-transport-https \
   ca-certificates \
   curl \
   gnupg \
   lsb-release \
   software-properties-common

RUN curl -fsSL https://download.docker.com/linux/debian/gpg | apt-key add -
RUN add-apt-repository \
   "deb [arch=amd64] https://download.docker.com/linux/debian \
   $(lsb_release -cs) \
   stable"

RUN apt-get -y update && \
 apt-get -y install \
   docker-ce \
   docker-ce-cli \
   containerd.io

...
# Setup users and groups
RUN groupadd -g ${JENKINSGID} jenkins
RUN groupmod -g ${DOCKERGID} docker
RUN useradd -c "Jenkins user" -g ${JENKINSGID} -G ${DOCKERGID} -M -N -u ${JENKINSUID} jenkins
Selfcongratulation answered 8/4, 2019 at 17:34 Comment(6)
This is an excellent comprehensive solution and the only one that worked for me when using docker socket shared to docker via dockerfile. It should be its own blog post. Thanks for this!Eby
Seems like you could pass -u jenkins:$(getent group docker | cut -d: -f3)?Uturn
When passing the args, it's probably better to change the following line : args '-v /var/run/docker.sock:/var/run/docker.sock -u jenkins:docker' by args '-v /var/run/docker.sock:/var/run/docker.sock -u jenkins:jenkins --group-add docker' When passing -u jenkins:docker, you change the primary user group, which mean when the user write a file, let say in the workspace, it will set the file user to jenkins and the group to docker. Which is probably not what we intend.Silverweed
Precious resource. Thank you !Filomena
You missed information, where do I get DOCKERGID from. Also how to run the build with those arguments from Dockerfile?Collinsia
@Collinsia it says DOCKERGID=stat -c %g /var/run/docker.sockSelfcongratulation
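The GID alignment described in this answer and in the earlier "Jenkins inside docker" answer, as an added example that is not from either poster: it compares the GID on the mounted socket with the container's /etc/group and picks the matching groupadd, groupmod or usermod call. The function names and the sample group file are constructed; jenkins is the user name used on this page.

```shell
#!/bin/sh
# Added example (not from the thread): decide how to line up the container's
# docker group with the GID that owns the bind-mounted host socket.

# gid_plan SOCKET_GID GROUP_FILE
#   SOCKET_GID : output of `stat -c %g /var/run/docker.sock` in the container
#   GROUP_FILE : the container's /etc/group
# Prints one of:
#   ok             docker group already has SOCKET_GID
#   groupmod       docker exists with another GID and SOCKET_GID is free
#   groupadd       no docker group and SOCKET_GID is free
#   reuse <name>   SOCKET_GID already belongs to group <name>
gid_plan() {
    sock_gid=$1 file=$2
    case $sock_gid in
        ''|*[!0-9]*) echo "bad gid: $sock_gid" >&2; return 2 ;;
    esac
    docker_gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$file")
    gid_owner=$(awk -F: -v g="$sock_gid" '$3 == g { print $1; exit }' "$file")
    if [ "$docker_gid" = "$sock_gid" ]; then
        echo ok
    elif [ -n "$gid_owner" ]; then
        echo "reuse $gid_owner"       # groupmod -g would refuse a taken GID
    elif [ -n "$docker_gid" ]; then
        echo groupmod
    else
        echo groupadd
    fi
}

# gid_commands SOCKET_GID GROUP_FILE [USER]
# Prints the command line to run as root inside the container.
gid_commands() {
    user=${3:-jenkins}
    plan=$(gid_plan "$1" "$2") || return 2
    case $plan in
        ok)       echo "usermod -aG docker $user" ;;
        groupmod) echo "groupmod -g $1 docker && usermod -aG docker $user" ;;
        groupadd) echo "groupadd -g $1 docker && usermod -aG docker $user" ;;
        reuse\ *) echo "usermod -aG ${plan#reuse } $user" ;;
    esac
}

# Constructed sample: /etc/group of an image whose docker group got GID 999.
SAMPLE_CGROUP=$(mktemp)
trap 'rm -f "$SAMPLE_CGROUP"' EXIT
cat > "$SAMPLE_CGROUP" <<'EOF'
root:x:0:
staff:x:50:
docker:x:999:
jenkins:x:1000:
EOF

# Host socket GIDs that match, differ, and collide with an existing group.
for gid in 999 998 50; do
    printf 'socket gid %-4s -> %s\n' "$gid" "$(gid_commands "$gid" "$SAMPLE_CGROUP")"
done
```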
R
15

I added the jenkins user to root group and restarted the jenkins and it started working.

sudo usermod -a -G root jenkins
sudo service jenkins restart
Rogerson answered 22/12, 2017 at 23:33 Comment(1)
This is a bad security practice. The preferred approach is this answer.Zwolle
F
14

I used below command, it worked for me.

sudo chmod 777 /var/run/docker.sock
Faery answered 18/2, 2023 at 11:4 Comment(0)
D
13

I faced a similar issue, which is a permission issue and the cause of this issue is because the Docker daemon/server always runs as the root user, and wants you to always preface the docker command with sudo.

Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo.

To fix this, here's what worked for me:

Firstly, check if you have a docker group already created:

cat /etc/group

If you don't find docker in the list that is displayed, then you will need to create one:

sudo groupadd docker

Next, confirm your user and your group using the command below:

cat /etc/group

Scroll through to see the group for docker. It should be of this format

docker:x:140:promisepreston

where docker is my group and promisepreston is my user

Now we can add your user to the docker group

Also add your user to the “docker” group, If you would like to use Docker as a non-root user:

Copy and run the command below in your terminal exactly how it is stated without modifying it in any way, regardless of the docker image/container/command that you want to run or are trying to run or is causing the permission issue:

sudo usermod -aG docker $USER

After running the command above, you will need to Log out and log back in so that your group membership is re-evaluated. However, on Linux, you can also run the following command below to activate the changes to groups (Copy and run the command below in your terminal exactly how it is stated without modifying it in any way, regardless of the docker image/container/command that you want to run or are trying to run or is causing the permission issue):

newgrp docker

OR

sudo systemctl restart docker

You can now verify that you can run docker commands without sudo permissions, by running the command that is causing the permissions issue again, say (Replace my-command with the name of your image/container/command):

docker run my-command

For Docker and Local filesystem files:

If you have a copy of the files on your local filesystem, then you can change the ownership of the application directory where the application files are stored, using this format:

sudo chown your_user:your_group -R my-app-directory/

So in my case it will be:

sudo chown promisepreston:docker -R my-app-directory/

Note: Please run this command inside the parent directory housing the application directory.

That's all.

I hope this helps

Demon answered 9/11, 2019 at 3:14 Comment(0)
S
12

Step 1: add your username to the docker group:

sudo usermod -a -G docker $USER

Then logout and login again.

Step 2: Then change docker group ID :

newgrp docker

Bonus: Check your new group:

id -g

P.S If you are interested, the reference is here.

Sverige answered 31/8, 2020 at 14:56 Comment(1)
Logout doesn't always work. Restart did work for me.Judicative
L
12

I fixed this issue using the following commands:

sudo chmod 777 /var/run/docker.sock
sudo chown ${USER}:docker /var/run/docker.sock
Loveliesbleeding answered 13/11, 2022 at 17:41 Comment(0)
G
8

I have Jenkins running in Docker, and Jenkins is using the Docker socket from the host machine (Ubuntu 16.04) via a volume to /var/run/docker.sock.

For me the solution was:

1) Inside Docker container of Jenkins (docker exec -it jenkins bash on host machine)

usermod -a -G docker jenkins
chmod 664 /var/run/docker.sock
service jenkins restart (or systemctl restart jenkins.service)
su jenkins

2) On host machine:

sudo service docker restart

664 means read and write (but not execute) for the owner and users from the group.

Golden answered 2/2, 2018 at 10:58 Comment(1)
This is the only solution that doesn't require a login/login, ie the solution that works when trying to run this in a shell script.Haddix
J
4

While doing production config I got the permission issue. I tried the solution below to resolve the issue.

Error Message

ubuntu@node1:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

Solution: permissions of the socket indicated in the error message, /var/run/docker.sock:

ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw---- 1 root root 0 Oct 17 11:08 docker.sock
ubuntu@ip-172-31-21-106:/var/run$ sudo chmod 666 /var/run/docker.sock
ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw-rw- 1 root root 0 Oct 17 11:08 docker.sock

After changing the permissions of docker.sock, execute the command below to check the permissions.

ubuntu@ip-172-31-21-106:/var/run$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:c3b4ada4687bbaa170745b3e4dd8ac3f194ca95b2d0518b417fb47e5879d9b5f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/
Juice answered 17/10, 2019 at 13:23 Comment(0)
T
4

We have two methods to solve this issue.

Method 1 Apply the new group membership

sudo usermod -aG docker ${USER}
su - ${USER}

Method 2 Change the file permission and group permissions

chmod 777 /var/run/docker.sock
sudo chown root:docker /var/run/docker.sock

Method 1 is the secure method.

Termite answered 17/5, 2022 at 7:2 Comment(2)
As you said Method 1 is a secure method. but Method 2 is not recommended if we just installed docker, a reboot of the system will solve the problem.Thun
Option 2 is gratuitously insecure; chmod 777 on anything is usually inadvisable, and access to the Docker socket comes with the ability to root the entire host, so giving very broad permissions on that socket file is all but equivalent to disabling your root password for local processes.Eskill
B
4

No one seems to mention that, according to the official source: https://docs.docker.com/engine/install/linux-postinstall/#manage-docker-as-a-non-root-user - you can just "pre" your command with sudo and it will work without creating users or other manipulations. For example sudo docker pull mongo - this works.

Bryna answered 12/9, 2022 at 21:31 Comment(0)
H
3

In my case, it was not only necessary to add the jenkins user to the docker group, but also to make that group the primary group of the jenkins user.

# usermod -g docker jenkins
# usermod -a -G jenkins jenkins

Don't forget to reconnect the jenkins slave node or restart the jenkins server, depending on your case.

Hickie answered 7/12, 2018 at 0:53 Comment(0)
H
3

2019-05-26

This worked for me !

Example docker-compose:

version: "3"
services:
  jenkins:
    image: jenkinsci/blueocean
    privileged: true
    ports:
      - "8080:8080"
    volumes:
      - $HOME/learning/jenkins/jenkins_home:/var/jenkins_home
    environment:
      - DOCKER_HOST=tcp://socat:2375
    links:
      - socat

  socat:
     image: bpack/socat
     command: TCP4-LISTEN:2375,fork,reuseaddr UNIX-CONNECT:/var/run/docker.sock
     volumes:
        - /var/run/docker.sock:/var/run/docker.sock
     expose:
        - "2375"
Hardpressed answered 25/5, 2019 at 19:24 Comment(1)
Very convenient... No need to merge with permissions.Hyaluronidase
K
2

2019-02-16

Most of the steps were the same for me as the others have written. However, I was not able to add jenkins to the group docker using usermod with the mentioned solutions.

I tried the following command from the docker host, and from the running docker container:

sudo usermod -a -G docker jenkins

(I entered to the running docker container with the following command from the docker host:

docker exec -t -i my_container_id_or_name /bin/bash

)

Received from docker host:

usermod: user 'jenkins' does not exist

Received from docker container:

We trust you have received the usual lecture from the local System Administrator. It usually boils down to these three things:

#1) Respect the privacy of others.
#2) Think before you type.
#3) With great power comes great responsibility.

[sudo] password for jenkins:

I didn't know the password.

Without the sudo part of the command, in the docker container I received:

usermod: Permission denied. usermod: cannot lock /etc/passwd; try again later.

Solution: I entered to the running docker container from the docker host with the following command:

docker exec -t -i -u root my_container_id_or_name /bin/bash

Now, I entered as root, and issued the following command:

usermod -a -G docker jenkins

Then, from the docker host, I restarted my running docker container with the following command:

docker restart my_container_id_or_name

After that, I started the jenkins job and it finished with success.

I only used the root user to issue the usermod command for the user jenkins.

Kroeger answered 16/2, 2019 at 12:38 Comment(0)
A
2

If you get errors like the ones below,

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

or

level=error msg="failed to dial gRPC: cannot connect to the Docker daemon. Is 'docker daemon' running on this host?: dial unix /var/run/docker.sock: connect: permission denied"

Just try to execute the following commands,

$ sudo su - jenkins
$ sudo usermod -a -G docker $USER
$ sudo chown jenkins:docker /var/run/docker.sock
About answered 21/11, 2019 at 12:58 Comment(3)
`sudo usermod -a -G docker $USER' will ask for the password of jenkins, not sure what is the user password.Woolly
I think you should give the sudo permission for the Jenkins user. or you can try with the following command in root user, usermod -a -G docker jenkins and chown jenkins:docker /var/run/docker.sockAbout
You shouldn't change ownership of the socket to jenkins. And you should run sudo as whatever normal user has sudo access, not as jenkins. What does this answer add to the accepted answer?Paprika
P
2

I'm using the official jenkins docker image (https://hub.docker.com/r/jenkins/jenkins) but I think this solution is applicable to most use cases where we want to run Docker inside a Docker container.

The recommended way for using Docker inside a Docker container is to use the Docker daemon of the host system. Good article regarding that: https://itnext.io/docker-in-docker-521958d34efd.

The secret to handle the permission issue, which this question is about, is to add permissions for the user of the container inside the container, not the host system. Only root user has permissions to do that by default, so

docker exec -it -u root <container-name> bash
usermod -a -G docker <username>

will do it. Remember to restart the container.

I guess the simplest way to achieve this is to create a customised Dockerfile:

# Official jenkins image
FROM jenkins/jenkins:lts
# Switch to root to be able to install Docker and modify permissions
USER root
RUN apt-get update
# Install docker
RUN curl -sSL https://get.docker.com/ | sh
# Add jenkins user to docker group
RUN usermod -a -G docker jenkins
# Switch back to default user
USER jenkins

# Build the image:
# sudo docker build -t yourusername/imagename .
# Run the image and mount with the following bind mount option:
# sudo docker run --name imagename -d -p8080:8080 -v /var/run/docker.sock:/var/run/docker.sock yourusername/imagename
Proper answered 30/12, 2019 at 21:57 Comment(1)
No need to install an entire docker on Jenkins image, see my answerBroadfaced
D
2

In my case this will work successfully. Navigate to your local repo and enter this command.

sudo chmod 666 /var/run/docker.sock
Discourse answered 13/3, 2020 at 1:22 Comment(0)
D
1
sudo usermod -a -G docker jenkins
sudo service jenkins restart
Dehypnotize answered 21/3, 2019 at 2:18 Comment(0)
U
1

I am running Jenkins inside a docker container. The simplest solution for me was to make a custom image that dynamically sets the GID, like:

FROM jenkins/jenkins:lts
...
CMD DOCKER_GID=$(stat -c '%g' /var/run/docker.sock) && \
    groupadd -for -g ${DOCKER_GID} docker && \
    usermod -aG docker jenkins && \
    sudo -E -H -u jenkins bash -c /usr/local/bin/jenkins.sh

See: https://github.com/jenkinsci/docker/issues/263

Alternatively you could launch jenkins with the following options:

-v /var/run/docker.sock:/var/run/docker.sock \
-u jenkins:$(getent group docker | cut -d: -f3)

This assumes your jenkins image has docker client installed. See: https://getintodevops.com/blog/the-simple-way-to-run-docker-in-docker-for-ci

Uturn answered 3/10, 2019 at 15:44 Comment(0)
B
1

If you're running Jenkins inside a docker container and your Jenkins is linking to the host docker then you can fix that just by the Dockerfile below:

FROM jenkins/jenkins:2.179
USER root
RUN groupadd docker && usermod -a -G docker jenkins
USER jenkins 
Broadfaced answered 24/3, 2020 at 2:2 Comment(1)
jenkins/jenkins image does not contain docker nor docker-cli. You need to install docker-cli or mount it from host.Classy
M
1

sudo setfacl --modify user:(user name or ID):rw /var/run/docker.sock

Several times I tried to execute the command

sudo chmod 777 /var/run/docker.sock

but unfortunately, I have to do this every time I log in to the Ubuntu system. It doesn't require a restart and is more secure than usermod or chown. A user ID is required when the user name only exists inside the container, but not on the host.

I hope that it will help you solve the problem.

Micronesian answered 7/8, 2020 at 6:21 Comment(0)
S
1

Check if your Docker is running: sudo systemctl status docker

To check the error: docker ps -a

Give permission: sudo usermod -aG docker ${USER}, next command: su - ${USER}

Check again if it gives an error: docker ps -a

Semicentennial answered 24/9, 2021 at 7:20 Comment(0)
S
1

I was getting the problem that after restarting the Ubuntu server, Docker was losing access if I had given the permission via sudo chmod 666 /var/run/docker.sock

Hence I needed to add my username (ubuntu) to the docker group via: sudo usermod -aG docker ubuntu

Subdivision answered 18/5, 2022 at 11:24 Comment(0)
D
0

On the server where Jenkins is running, I used

sudo setfacl -m user:tomcat:rw /var/run/docker.sock

And then run each docker container with

-v /var/run/docker.sock:/var/run/docker.sock

Using setfacl seems a better option, and no "-u user" is needed. The containers then run as the same user that is running Jenkins. But I would appreciate any feedback from the security experts.

Duffer answered 10/8, 2019 at 22:59 Comment(0)
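Added example, not part of any answer here: a shell function that reports which permission path (owner, named-user ACL, group, or other) gives a user write access to the Docker socket, covering the chmod 666, usermod/GID and setfacl approaches in this thread. The function names `can_write`, `sock_access` and `audit_docker_sock` are assumptions made for illustration, and the ACL handling is simplified as noted in the comments.

```shell
#!/bin/sh
# Added example (not from the thread). On Linux, connect() on a Unix socket
# needs the write bit on the socket file. Simplification: the ACL mask and
# named-group ACL entries are not evaluated.

can_write() { [ $(( $1 & 2 )) -ne 0 ]; }   # $1 = one octal permission digit

# sock_access MODE SOCK_UID SOCK_GID USER_UID "USER_GIDS" [USER_NAME] [GETFACL_TEXT]
# Prints: root | owner | acl | group | other | denied
sock_access() {
    mode=$1; s_uid=$2; s_gid=$3; uid=$4; gids=$5; name=${6:-}; acl=${7:-}
    # Keep the last three octal digits (drops a setuid/sticky digit).
    perms=$(printf '000%s' "$mode" | sed 's/^.*\(...\)$/\1/')
    u=${perms%??}; g=${perms#?}; g=${g%?}; o=${perms#??}
    if [ "$uid" -eq 0 ]; then echo root; return 0; fi
    if [ "$uid" -eq "$s_uid" ]; then
        if can_write "$u"; then echo owner; else echo denied; fi
        return 0
    fi
    # Named-user ACL entry (setfacl -m user:NAME:rw), matched by name or UID.
    entry=$(printf '%s\n' "$acl" | awk -F: -v n="$name" -v i="$uid" \
        '$1 == "user" && $2 != "" && ($2 == n || $2 == i) { print substr($3, 1, 3); exit }')
    if [ -n "$entry" ]; then
        case $entry in ?w?) echo acl ;; *) echo denied ;; esac
        return 0
    fi
    # Group membership is compared by numeric GID, never by group name.
    for gid in $gids; do
        if [ "$gid" -eq "$s_gid" ]; then
            if can_write "$g"; then echo group; else echo denied; fi
            return 0
        fi
    done
    # Reaching "other" means every local account gets the same answer.
    if can_write "$o"; then echo other; else echo denied; fi
}

# Live check on a host or inside a container (GNU stat; getfacl is optional).
audit_docker_sock() {
    sock=${1:-/var/run/docker.sock}
    set -- $(stat -c '%a %u %g' "$sock")
    sock_access "$1" "$2" "$3" "$(id -u)" "$(id -G)" "$(id -un)" \
        "$(getfacl -p "$sock" 2>/dev/null)"
}
```

A result of `other` means the mode itself grants the daemon to every local account, which is root-equivalent access to the host. A result of `denied` for a user who is in a group named docker inside a container usually means the container's docker GID differs from the GID that owns the mounted socket.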
W
0

Use the Dockerfile below

FROM jenkins/jenkins

USER root

# Install Docker
RUN apt-get update && \
    apt-get -y install apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common && \
    curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
    add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
    $(lsb_release -cs) \
    stable" && \
    apt-get update && \
    apt-get -y install docker-ce


# Compose
RUN curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose



RUN usermod -aG docker jenkins
RUN usermod -aG root jenkins

USER jenkins
Whitelaw answered 30/12, 2019 at 7:0 Comment(0)
B
0

In my case it was just starting the docker service:

sudo service docker start
Brownson answered 20/1, 2020 at 17:10 Comment(0)
P
0

Change "your_user" below to the true user

echo "your_user ALL=(ALL) NOPASSWD: /usr/local/bin/docker, /usr/local/sbin/docker, /usr/bin/docker, /usr/sbin/docker, /bin/docker, /sbin/docker" > /etc/sudoers.d/sudo_docker

usermod -aG docker your_user

chmod 0660 /var/run/docker.sock

chown root:docker /var/run/docker.sock
Papal answered 4/11, 2022 at 13:31 Comment(0)
C
0

When we run Docker in a Jenkins pipeline, the pipeline is run as the jenkins user, so we have to add the jenkins user to the docker group. To add the user to the docker group, run the command below:

sudo usermod -a -G docker jenkins

After that, log out from Jenkins and log in to Jenkins again.

It works for me.

Clevie answered 31/10, 2023 at 11:22 Comment(0)
P
0

I am using Fedora 38 and my user is in the docker group, but I still got permission denied. The fix was to set ryuk.container.privileged = true in /home/myuser/.testcontainers.properties. There was no need to change permissions of /var/run/docker.sock.

Poultice answered 26/1 at 8:14 Comment(0)
L
-1

If someone is still facing the issue on their local machine(Ubuntu) then try below command:

sudo chmod 666 /var/run/docker.sock
Librarianship answered 1/3, 2020 at 5:4 Comment(0)
P
-1

often need a reboot to take effect on the new user group and user.

Prevent answered 19/3, 2020 at 10:49 Comment(1)
Looks like a dangling comment - not an answer.Classy
I
-1

If you want to keep it simple, use fixdockergid on your Dockerfile.

Iain answered 20/8, 2020 at 16:7 Comment(0)
T
-1

In addition to adding the user to the docker group and trying everything mentioned in this thread, it took me a while to realize that I had to restart my terminal and then log back into the ec2 instance. It worked after that.

Thinskinned answered 23/9, 2020 at 7:4 Comment(0)
T
-1

I was able to make this work as well without having to change the permissions on the local unix socket /var/run/docker.sock. What I had to do was to enable tcp connections on the build agent node and then specify the docker host in the Jenkins cloud configuration.

Assuming that you are using an AWS image, ssh into your build agent node(s) and enable tcp ports using the /etc/sysconfig/docker file

Add the -H tcp://127.0.0.1:2376 option.

# Additional startup options for the Docker daemon, for example:
# OPTIONS="--ip-forward=true --iptables=true"
# By default we limit the number of open files per container
OPTIONS="-H tcp://127.0.0.1:2376 --default-ulimit nofile=1024:4096"

Make sure to restart the daemon using sudo service docker restart

Finally you need to tell Jenkins to use tcp by default using the DOCKER_HOST environment variable configured in the cloud nodes configuration. Note this is not a configuration in the Jenkins pipeline environment.

Navigate to Jenkins -> Manage Jenkins -> Manage Cloud And Nodes -> Some Configuration -> Node Properties -> Environment Variables

Then add your DOCKER_HOST environment variable.

NOTE: I am using Launch agents via ssh to make this work.

Trouvaille answered 18/3, 2021 at 22:6 Comment(2)
This approach opens up a trivial remote root exploit on your system.Eskill
Then use 127.0.0.1 instead of 0.0.0.0Trouvaille
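Added example, not part of the answer or its comments: a shell check that classifies each tcp:// listener in a Docker daemon options string by bind scope and by whether `--tlsverify` is present. The function names `classify_docker_hosts` and `classify_sysconfig` are assumptions made for illustration; only the `-H VALUE`, `--host VALUE` and `--host=VALUE` spellings are parsed.

```shell
#!/bin/sh
# Added example (not from the thread). A tcp:// listener without --tlsverify
# accepts unauthenticated API calls from anything that can reach the address:
# every local process for a loopback bind, the network otherwise.

# classify_docker_hosts "DAEMON OPTIONS"
# Prints one line per TCP listener: ADDRESS SCOPE-TRANSPORT, or VALUE malformed
classify_docker_hosts() {
    opts=$1; tls=plaintext; prev=
    case " $opts " in
        *" --tlsverify "*|*" --tlsverify=true "*) tls=tls ;;
    esac
    for tok in $opts; do
        host=
        case $prev in -H|--host) host=$tok ;; esac
        case $tok in --host=*) host=${tok#--host=} ;; esac
        prev=$tok
        case $host in
            tcp://*) addr=${host#tcp://} ;;
            tcp:*)   echo "$host malformed"; continue ;;  # e.g. single slash
            *)       continue ;;   # unix://, fd:// or not a host option
        esac
        case $addr in
            127.*|localhost|localhost:*|'[::1]'*) scope=loopback ;;
            *) scope=network ;;    # includes 0.0.0.0 and an empty address
        esac
        echo "$addr $scope-$tls"
    done
}

# Read the OPTIONS="..." line from a sysconfig-style file and classify it.
classify_sysconfig() {
    file=${1:-/etc/sysconfig/docker}
    classify_docker_hosts "$(sed -n 's/^OPTIONS="\(.*\)"$/\1/p' "$file" | tail -n 1)"
}
```

Any line ending in `-plaintext` deserves the same scrutiny as a world-writable socket, since whoever can reach that address can drive the daemon.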
H
-1

Resolved by following steps:

sudo groupadd docker
sudo usermod -aG docker $USER
newgrp docker

Verified by running docker run hello-world

Halinahalite answered 10/3, 2023 at 16:42 Comment(1)
You can also try to run this command "sudo chmod 666 /var/run/docker.sock"Halinahalite
E
-6

Maybe you should run the docker with option "-u root" from the very beginning

At least that solved my problem

Exhortation answered 21/2, 2018 at 22:52 Comment(1)
Then you may get files being created as user root. At least this is what happened to me, with Docker 18.06.1.Wooded
