Docker: why do I need to sudo in Linux?
T

3

23

I am working through this tutorial setting up Docker, and I'm finding that all of their examples are written like

docker run hello-world

but when I try it, it says permission denied on a socket and I have to do

sudo docker run hello-world

to run the examples. Why are root privileges necessary even for these simple examples?

Teleutospore answered 6/7, 2018 at 22:13 Comment(2)
SO is for programming questions, not questions about using or configuring Linux and its applications. SuperUser or Unix & Linux would be better places for questions like this. - Farewell
See also How can I use Docker without sudo? - Boleyn
W
24

Running a docker container requires the user to be a member of the docker group. By default, when you install docker, the only user that is added to it is root. You can add your own user to this group if you want to run docker containers from it.

Westfalen answered 6/7, 2018 at 22:16 Comment(0)
B
12

Requiring sudo-level access to get access to Docker is a sound security restriction. Otherwise, anyone who can run any Docker commands at all, can run this one:

docker run -v /etc:/host-etc busybox \
  sh -c 'echo ALL ALL(ALL:ALL) NOPASSWD:ALL >> /host-etc/sudoers'

That is, anyone who can run Docker commands is all but root already.

Really this is controlled by the file permissions on /var/run/docker.sock. Having a docker group that owns that socket file and giving it mode 0660 is a common setup (particularly on Ubuntu). But, again, anyone who's a member of the docker group can read and change arbitrary files on the host, and is root in all but name.

Bibliolatry answered 6/7, 2018 at 22:44 Comment(0)
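
An added example, not part of any answer on this page: a POSIX shell audit of the point made in the answer above, that whoever can write to /var/run/docker.sock is root in all but name. The function names and the sample group line are constructed for illustration; the live check assumes GNU stat and getent.

```shell
#!/bin/sh
# Report which accounts are effectively root through the Docker socket.

# Classify a socket by octal mode, owner and group.
# On Linux, connecting to a Unix socket needs write permission on it.
# Prints: world | group:<name> | owner:<name>
socket_exposure() {
    mode=$1 owner=$2 group=$3
    perms=${mode#"${mode%???}"}      # last three octal digits, e.g. 0660 -> 660
    o=${perms#??}                    # "other" digit
    g=${perms#?}; g=${g%?}           # "group" digit
    case $o in 2|3|6|7) echo world; return ;; esac
    case $g in 2|3|6|7) echo "group:$group"; return ;; esac
    echo "owner:$owner"
}

# Supplementary members from one line in group(5) format (name:x:gid:u1,u2).
# Accounts that have the group as their primary group are not listed there.
group_members() {
    printf '%s\n' "$1" | cut -d: -f4 | tr ',' ' '
}

# Accounts to treat as root-equivalent for this socket.
# Args: mode owner group group-line
root_equivalent() {
    exposure=$(socket_exposure "$1" "$2" "$3")
    case $exposure in
        world)   echo "every local user" ;;
        group:*) members=$(group_members "$4")
                 echo "$2${members:+ $members}" ;;
        *)       echo "$2" ;;
    esac
}

# Constructed sample: root:docker socket with mode 0660 and two group members.
root_equivalent 0660 root docker 'docker:x:998:alice,bob'   # prints: root alice bob

# Live check, only if a Docker socket exists on this host.
sock=/var/run/docker.sock
if [ -S "$sock" ]; then
    set -- $(stat -c '%a %U %G' "$sock")
    echo "$sock reachable by: $(root_equivalent "$1" "$2" "$3" "$(getent group "$3")")"
fi
```

Every account it prints should be reviewed with the same care as an entry in sudoers.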
S
2

By default, it is the root user who owns the Unix socket that binds with the Docker daemon. So when you are trying without sudo, it gives permission denied.

You can run without sudo with the steps below, by adding a user to a newly created group docker:

Step 1: Create docker group

sudo groupadd docker

Step 2: Add your user to the docker group

sudo usermod -aG docker $USER

Step 3: Log out and log back in so that your group membership is re-evaluated. Run this command to activate changes to groups:

newgrp docker

Now, it will work without sudo. Verify by running the simple hello-world image:

docker run hello-world
Selfcongratulation answered 1/3, 2024 at 14:37 Comment(0)
