The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo. The Docker daemon always runs as the root user.
If you don’t want to preface the docker command with sudo, create a Unix group called docker and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
Warning: The docker group grants privileges equivalent to the root user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Note: To run Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode). Rootless mode is currently available as an experimental feature.
To create the docker group and add your user:
- Create the docker group.
  sudo groupadd docker
- Add your user to the docker group.
  sudo usermod -aG docker $USER
- Log out and log back in so that your group membership is re-evaluated. If testing on a virtual machine, it may be necessary to restart the virtual machine for changes to take effect. On a desktop Linux environment such as X Windows, log out of your session completely and then log back in. On Linux, you can also run the following command to activate the changes to groups:
  newgrp docker
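Because docker group membership is equivalent to root, it is worth reviewing after following the steps above. The script below is an added example, not part of the Docker documentation: it lists every account in the docker group (including accounts that have it as their primary group) and classifies who can connect to the daemon socket. The function names, the sample accounts and the socket path in the comment are assumptions.

```shell
#!/bin/sh
# Added example (not from the Docker documentation): list every account that
# holds root-equivalent access through the docker group, and classify who can
# connect to the daemon socket. Function names are hypothetical.

# Print docker group members, one per line, from group(5)/passwd(5)-format files.
# Covers supplementary members and accounts whose primary GID is the docker GID.
docker_group_members() {
    group_file=$1; passwd_file=$2
    entry=$(grep '^docker:' "$group_file") || return 1
    gid=$(printf '%s\n' "$entry" | cut -d: -f3)
    {
        printf '%s\n' "$entry" | cut -d: -f4 | tr ',' '\n'
        awk -F: -v g="$gid" '$4 == g { print $1 }' "$passwd_file"
    } | sed '/^$/d' | sort -u
}

# Classify socket access from owner, group and octal mode, as printed by
#   stat -c '%U %G %a' /var/run/docker.sock   (GNU stat; path is an assumption)
# Connecting to a Unix socket requires write permission on it.
socket_exposure() {
    owner=$1; group=$2; mode=$3
    if [ $(( ($mode % 10) & 2 )) -ne 0 ]; then
        echo "world"
    elif [ $(( ($mode / 10 % 10) & 2 )) -ne 0 ]; then
        echo "group:$group"
    else
        echo "owner:$owner"
    fi
}

# Constructed sample data so the example runs offline.
demo() {
    dir=$(mktemp -d)
    printf '%s\n' 'root:x:0:' 'docker:x:998:alice,bob' 'users:x:100:carol' > "$dir/group"
    printf '%s\n' 'root:x:0:0::/root:/bin/sh' 'alice:x:1000:1000::/home/alice:/bin/sh' \
        'ci:x:1001:998::/home/ci:/bin/sh' > "$dir/passwd"
    echo "root-equivalent via docker group:"
    docker_group_members "$dir/group" "$dir/passwd"
    echo "socket reachable by: $(socket_exposure root docker 660)"
    rm -rf "$dir"
}
demo
```

On a live host, pass /etc/group and /etc/passwd to docker_group_members; accounts served from a directory service do not appear in those files and need a separate lookup.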