Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

Question

I am new to docker. I just tried to use docker in my local machine(Ubuntu 16.04) with Jenkins.

I configured a new job with below pipeline script.

Answer 1

I added the jenkins user to root group and restarted the jenkins and it started working.

sudo usermod -a -G root jenkins
sudo service jenkins restart

Answer 2

I have Jenkins running in Docker and connected Jenkins is using Docker socket from host machine Ubuntu 16.04 via volume to /var/run/docker.sock.

For me solution was:

1) Inside Docker container of Jenkins (docker exec -it jenkins bash on host machine)

usermod -a -G docker jenkins
chmod 664 /var/run/docker.sock
service jenkins restart (or systemctl restart jenkins.service)
su jenkins

2) On host machine:

sudo service docker restart

664 means - read and write(but not execute) for owner and users from group.

Answer 3

If you're running Jenkins inside a docker container and your Jenkins is linking to the host docker then you can fix that just by the Dockerfile below:

FROM jenkins/jenkins:2.179
USER root
RUN groupadd docker && usermod -a -G docker jenkins
USER jenkins 

Answer 4

My first solutions was:

usermod -aG docker jenkins
usermod -aG root jenkins
chmod 664 /var/run/docker.sock

But none of them work for me, I tried:

chmod 777 /var/run/docker.sock

That works, but I don't know if it is the right call.

Answer 5

While doing production config i got the permission issue.I tried below solution to resolve the issue.

Error Message

ubuntu@node1:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

Solution: permissions of the socket indicated in the error message, /var/run/docker.sock:

ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw---- 1 root root 0 Oct 17 11:08 docker.sock
ubuntu@ip-172-31-21-106:/var/run$ sudo chmod 666 /var/run/docker.sock
ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw-rw- 1 root root 0 Oct 17 11:08 docker.sock

After changes permission for docket.sock then execute below command to check permissions.

ubuntu@ip-172-31-21-106:/var/run$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:c3b4ada4687bbaa170745b3e4dd8ac3f194ca95b2d0518b417fb47e5879d9b5f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

Answer 6

I faced a similar issue, which is a permission issue and the cause of this issue is because the Docker daemon/server always runs as the root user, and wants you to always preface the docker command with sudo.

Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo.

To fix this, here's what worked for me:

Firstly, check if you have a docker group already created:

cat /etc/group

If you don't find docker in the list that is displayed, then you will need to create one:

sudo groupadd docker

Next, confirm your user and your group using the command below:

cat /etc/group

Scroll through to see the group for docker. It should be of this format

docker:x:140:promisepreston

where docker is my group and promisepreston is my user

Now we can add your user to the docker group

Also add your user to the “docker” group, If you would like to use Docker as a non-root user :

Copy and run the command below in your terminal exactly how it is stated without modifying it in anyway, regardless of the docker image/container/command that you want to run or are trying to run or is casuing the permission issue:

sudo usermod -aG docker $USER

After running the command above, you will need to Log out and log back in so that your group membership is re-evaluated. However, on Linux, you can also run the following command below to activate the changes to groups (Copy and run the command below in your terminal exactly how it is stated without modifying it in anyway, regardless of the docker image/container/command that you want to run or are trying to run or is casuing the permission issue):

newgrp docker 

You can now verify that you can run docker commands without sudo permissions, by running the command that is causing the permissions issue again, say (Replace my-command with the name of your image/container/command):

docker run my-command

For Docker and Local filesystem files:

If you have a copy of the files on your local filesystem, then you can change the ownership of the application directory where the application files are stored, using this format:

sudo​​ ​ chown​​ ​ <your_user>:<your_group>​​ ​ -R​​ my-app-directory/

So in my case it will be:

sudo chown promisepreston:docker -R my-app-directory/

Note: Please run this command inside the parent directory housing the application directory.

That's all.

I hope this helps