You run a Docker command and get this:

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock:
Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create":
dial unix /var/run/docker.sock: connect: permission denied

This happens because the Docker daemon runs as root by default, and your user doesn’t have permission to access the Docker socket it listens on. Here’s how to fix it properly.

You could just use sudo for everything:

sudo docker ps

This works but gets tedious fast. You’ll need sudo for every Docker command, and it breaks tools that expect Docker access without elevation.

The Right Fix: Add Your User to the Docker Group

Docker creates a docker group during installation. Members of this group can access the Docker socket without sudo.

Step 1: Create the Docker Group (If It Doesn’t Exist)

sudo groupadd docker

If you get “group ‘docker’ already exists,” that’s fine — move to step 2.

Step 2: Add Your User to the Group

sudo usermod -aG docker $USER

The -aG flags mean “append to group”: -G names the supplementary group and -a appends it, so docker is added to your existing groups without removing any.

Step 3: Apply the Group Change

Here’s where most tutorials fail you. The group change doesn’t take effect until you log out and back in. You have three options:

Option A: Log out and back in

Close your terminal, log out of your desktop session, log back in.

Option B: Use newgrp (temporary)

newgrp docker

This starts a new shell with the docker group active. Works for testing but doesn’t persist.

Option C: Reboot

sudo reboot

Nuclear option, but guaranteed to work.

Step 4: Verify It Worked

docker run hello-world

If you see “Hello from Docker!” without needing sudo, you’re done.

Why This Happens

The Docker socket (/var/run/docker.sock) has these permissions:

$ ls -la /var/run/docker.sock
srw-rw---- 1 root docker 0 Mar 30 10:00 /var/run/docker.sock

  • Owner: root (can read/write)
  • Group: docker (can read/write)
  • Others: no access

When your user isn’t in the docker group, you’re “others” — no access.

Common Gotchas

“I added myself to the group but it still doesn’t work”

You didn’t re-login. The groups command shows your current session’s groups:

$ groups
myuser adm cdrom sudo

If docker isn’t listed, your session hasn’t picked up the change. Log out and back in.

“It worked yesterday but not today”

The Docker daemon might have restarted and recreated the socket with different permissions. Check if Docker is running:

sudo systemctl status docker

Restart it if needed:

sudo systemctl restart docker

“I’m in the docker group but /var/run/docker.sock doesn’t exist”

Docker daemon isn’t running:

sudo systemctl start docker
sudo systemctl enable docker  # Start on boot

“Permission denied inside a container trying to use Docker”

You’re trying to run Docker-in-Docker or access the host’s Docker from a container. You need to mount the socket:

docker run -v /var/run/docker.sock:/var/run/docker.sock myimage

Security warning: This gives the container full control over your host’s Docker daemon. Only do this with containers you trust completely.
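
The checks from the gotchas above, combined into one script as an added example (not part of the original post). The function names and result strings are made up for illustration, the sample inputs are constructed from the listings on this page, and diagnose_live assumes Linux with GNU stat and id.

```shell
#!/usr/bin/env bash
# Added example: classify a Docker socket "permission denied" the way the
# gotchas above do. Function names and result strings are hypothetical.

# has_group NAME "space separated group list"
has_group() {
  case " $2 " in *" $1 "*) return 0 ;; esac
  return 1
}

# diagnose SOCK_STATE MODE SOCK_GROUP CONFIGURED_GROUPS SESSION_GROUPS
#   SOCK_STATE        present | missing
#   MODE              octal mode of the socket, e.g. 660
#   CONFIGURED_GROUPS groups from the group database (what usermod changed)
#   SESSION_GROUPS    groups the current login session actually holds
diagnose() {
  if [ "$1" = missing ]; then echo daemon-not-running; return; fi
  # A write bit for "others" means every local user controls the daemon.
  case "$2" in *[2367]) echo socket-open-to-everyone; return ;; esac
  if has_group "$3" "$5"; then echo ok; return; fi
  if has_group "$3" "$4"; then echo relogin-needed; return; fi
  echo not-in-group
}

# Gather the real values from the running system (Linux, GNU stat and id).
diagnose_live() {
  sock=${1:-/var/run/docker.sock}
  if [ ! -S "$sock" ]; then diagnose missing 000 docker "" ""; return; fi
  if [ "$(id -u)" -eq 0 ]; then echo ok; return; fi
  # "id -Gn USER" reads the group database; bare "id -Gn" reports this session.
  diagnose present "$(stat -c %a "$sock")" "$(stat -c %G "$sock")" \
    "$(id -Gn "$(id -un)")" "$(id -Gn)"
}

# Constructed sample inputs matching the listings on this page.
diagnose present 660 docker "myuser adm cdrom sudo docker" "myuser adm cdrom sudo"
diagnose present 660 docker "myuser adm cdrom sudo" "myuser adm cdrom sudo"
diagnose missing 000 docker "myuser docker" "myuser docker"
```

Call diagnose_live with no arguments to run the same classification against the real socket and your current session.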

Security Implications

Adding a user to the docker group is essentially giving them root access. Anyone who can run Docker containers can:

# Mount the host filesystem
docker run -v /:/host alpine cat /host/etc/shadow

This is equivalent to root. Only add trusted users to the docker group.

For multi-user systems or production, consider:

  • Rootless Docker: Runs the daemon as your user, no privilege escalation
  • Podman: Daemonless container runtime, rootless by default
  • Restricted socket access: Use Docker contexts with TLS authentication

TL;DR

# Add yourself to docker group
sudo usermod -aG docker $USER

# Log out and back in, then verify
docker run hello-world

That’s it. The permission error happens because your user can’t access the Docker socket. Adding yourself to the docker group fixes it, but remember to re-login for the change to take effect.