Docker Permission Denied
Linux
Severity: Minor
What Does This Error Mean?
When you run a Docker command and get 'permission denied while trying to connect to the Docker daemon socket', it means your user account does not have permission to communicate with the Docker service. By default, only the root user and members of the 'docker' group can run Docker commands. Adding your user to the docker group fixes this and lets you run Docker without typing sudo every time.
Affected Models
- Ubuntu
- Debian
- Fedora
- Arch Linux
- CentOS
- Rocky Linux
- RHEL
Common Causes
- Your user account is not a member of the 'docker' group, which is required for non-root Docker access
- Docker was just installed and you have not logged out and back in for the group membership to take effect
- The Docker socket file (/var/run/docker.sock) has permissions that exclude your user
- Docker service is not running, causing all connection attempts to fail with a permission-like error
- SELinux or AppArmor policies on the system are blocking access to the Docker socket
How to Fix It
- Add your user to the docker group. Run: sudo usermod -aG docker $USER — then log out and log back in completely (not just a new terminal tab — a full log out). After logging back in, run: docker run hello-world to verify it works.
  Group membership changes only take effect after a new login session. Opening a new terminal window is not enough — you must fully log out and back in, or restart the system.
- If you just added yourself to the group and do not want to log out, apply the group change to your current session only: newgrp docker — then run your Docker command in the same terminal.
  newgrp applies the group change only to the current terminal session. You will still need to log out and back in for it to apply everywhere permanently.
- Verify the Docker service is running. Run: sudo systemctl status docker — if it shows inactive or failed, start it: sudo systemctl start docker — and enable automatic start: sudo systemctl enable docker.
  A stopped Docker service produces connection errors that look like permission errors. Always check the service status first.
- Check your current group membership. Run: groups — and look for 'docker' in the output. If it is not listed even after running usermod, verify the docker group exists: getent group docker. If the group is missing, the Docker installation may be incomplete — reinstall Docker.
  On some distributions, Docker installs as docker.io (Ubuntu) or docker-ce (other distros) — ensure you have a proper Docker Engine installation, not just the docker command stub.
- If you must run Docker as a specific user without group membership (for example in a CI/CD environment), you can adjust the socket permissions temporarily: sudo chmod 666 /var/run/docker.sock — but note this is a security risk, because it lets every local user and process send commands to the Docker daemon, and it should not be used on shared or production systems.
  The recommended long-term solution is always to add users to the docker group, not to open the socket permissions.
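The checks from the steps above, collected into one script as an added example (not part of the original page). The function names, the DOCKER_SOCK override, the file name docker-diag.sh and the check argument are assumptions made for this example; stat -c requires GNU coreutils.

```shell
#!/bin/sh
# Added example: ordered diagnosis of "permission denied" on the Docker socket.
# All function names here are illustrative, not part of Docker.
SOCK="${DOCKER_SOCK:-/var/run/docker.sock}"

# has_docker "<group list>": succeeds if the word "docker" is in the list.
has_docker() { case " $1 " in *" docker "*) return 0 ;; *) return 1 ;; esac; }

# membership_state "<groups in account database>" "<groups of this session>"
membership_state() {
    if has_docker "$2"; then echo active             # session already holds the group
    elif has_docker "$1"; then echo needs-relogin    # usermod done, session is stale
    else echo not-member; fi
}

# classify_socket <octal mode> <owning group>, e.g. "660 docker"
classify_socket() (
    mode=$(( 0$1 ))                     # leading 0 makes the shell read octal
    if [ $(( mode & 2 )) -ne 0 ]; then echo world-writable   # e.g. after chmod 666
    elif [ "$2" != docker ]; then echo wrong-group
    elif [ $(( (mode >> 3) & 6 )) -ne 6 ]; then echo group-cannot-rw
    else echo ok; fi
)

diagnose() {
    # A stopped service looks like a permission error, so check it first.
    if command -v systemctl >/dev/null 2>&1 && ! systemctl is-active --quiet docker; then
        echo "service: docker is not active (sudo systemctl start docker)"
    fi
    if [ -S "$SOCK" ]; then
        echo "socket: $(classify_socket "$(stat -c %a "$SOCK")" "$(stat -c %G "$SOCK")")"
    else
        echo "socket: $SOCK is missing (daemon stopped or not installed)"
    fi
    db=$(id -nG "$(id -un)" 2>/dev/null || true)    # groups recorded for the account
    cur=$(id -nG 2>/dev/null || true)               # groups this shell actually holds
    echo "group: $(membership_state "$db" "$cur")"
}

# Live checks run only on request: sh docker-diag.sh check
if [ "${1:-}" = check ]; then diagnose; fi
```

A group result of needs-relogin means usermod succeeded and only a new login session (or newgrp docker) is missing; a socket result of world-writable means the socket is open to every local user, as after chmod 666.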
When to Call a Professional
Docker permission issues are almost always fixed by the steps above. SELinux-related Docker problems on RHEL or CentOS environments may need a system administrator familiar with SELinux policy management.
Frequently Asked Questions
Is it safe to add my user to the docker group?
It is convenient but comes with a security trade-off. Members of the docker group can effectively gain root access to the system by mounting sensitive directories inside containers. For a personal workstation this trade-off is generally acceptable. For shared servers or production environments, consider using rootless Docker (docker rootless mode) instead, or require sudo for Docker commands. Rootless Docker lets each user run containers under their own UID without any elevated privileges.
I added myself to the docker group but still get permission denied after relogging. What else can I try?
Run: id in a terminal and check if docker appears in the groups list. If not, the usermod command may not have worked. Verify the docker group exists: cat /etc/group | grep docker. If it exists but you are not listed, try running the usermod command again: sudo usermod -aG docker [your_username] and reboot (not just log out). A full system reboot is more reliable than a log out/log in for group changes.
What is the Docker daemon socket?
The Docker daemon is a background service (dockerd) that manages all container operations — building images, starting and stopping containers, managing networks and volumes. It listens for instructions through a Unix socket file located at /var/run/docker.sock. When you run a Docker command like docker run or docker ps, the Docker CLI connects to this socket and sends a request to the daemon. The socket is protected by file permissions so only authorized users (root and the docker group) can send commands to it.