This error occurs when your user account lacks permission to access the Docker daemon socket at /var/run/docker.sock. The fix is to add your user to the docker group, which grants the necessary permissions without using sudo for every command.
When you run Docker commands, the Docker CLI communicates with the Docker daemon through a Unix socket located at `/var/run/docker.sock`. This socket is owned by root and the docker group, with permissions that only allow root users and members of the docker group to access it. This error appears because: - Your user is not a member of the `docker` group - You're running Docker commands without `sudo` - The Docker daemon is running with default permissions The Docker daemon always runs as root. By default, the Unix socket it creates is owned by `root:docker` with permissions `srw-rw----`, meaning only root and docker group members can communicate with the daemon.
First, ensure the Docker daemon is actually running:
sudo systemctl status dockerIf Docker is not running, start it:
sudo systemctl start dockerTo enable Docker to start on boot:
sudo systemctl enable dockerThe docker group may not exist on some systems. Create it:
sudo groupadd dockerIf the group already exists, you'll see a message saying so - that's fine.
Add your current user to the docker group:
sudo usermod -aG docker $USERThe -aG flags mean:
- -a: Append to the group (don't remove from other groups)
- -G: Specify the group name
You can also add a specific user:
sudo usermod -aG docker usernameFor the group membership to take effect, you have several options:
Option 1: Log out and log back in
This is the most reliable method. Close your terminal, log out of your desktop session, and log back in.
Option 2: Use newgrp (immediate, current shell only)
newgrp dockerThis activates the docker group in your current shell session without logging out.
Option 3: Reboot (if other methods don't work)
sudo rebootTest that Docker works without sudo:
docker run hello-worldYou should see a "Hello from Docker!" message without any permission errors.
Also verify your group membership:
groupsYou should see docker in the list of groups.
If you previously ran Docker with sudo, the ~/.docker directory may have incorrect ownership:
sudo chown "$USER":"$USER" /home/"$USER"/.docker -R
sudo chmod g+rwx "$HOME/.docker" -RThis ensures your user owns the Docker configuration directory.
Security Considerations:
Adding users to the docker group is effectively granting them root-equivalent privileges. Docker containers can be used to escalate privileges on the host system. Only add trusted users to this group.
Rootless Mode Alternative:
For better security, consider running Docker in rootless mode:
dockerd-rootless-setuptool.sh installRootless mode runs the Docker daemon and containers entirely in user space without requiring root privileges. See the official Docker documentation for setup details.
SELinux Considerations (RHEL/CentOS/Fedora):
If you're on a system with SELinux and still having issues after adding your user to the docker group:
sudo ausearch -m avc -ts recentIf SELinux is blocking access, you may need to adjust SELinux policies or temporarily set it to permissive mode for troubleshooting.
Temporary Workaround (Not Recommended for Production):
Running sudo chmod 666 /var/run/docker.sock will allow anyone to access Docker, but this is a serious security risk. Anyone on the system could control Docker, potentially leading to container escapes or system compromise. Use this only for temporary debugging on isolated systems.
Virtual Machine Considerations:
When running Docker inside a VM, you may need to restart the entire VM for group changes to take effect, as some hypervisors cache user sessions.
image operating system "linux" cannot be used on this platform
How to fix 'image operating system linux cannot be used on this platform' in Docker
manifest unknown: manifest unknown
How to fix 'manifest unknown' in Docker
cannot open '/etc/passwd': Permission denied
How to fix 'cannot open: Permission denied' in Docker
Error response from daemon: failed to create the ipvlan port
How to fix 'failed to create the ipvlan port' in Docker
toomanyrequests: Rate exceeded for anonymous users
How to fix 'Rate exceeded for anonymous users' in Docker Hub