How to Fix Docker “Got permission denied while trying to connect to the Docker daemon socket” Error [2026 Latest Guide]
One of the most common errors encountered when starting to use Docker is “Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock.” This article provides a detailed explanation of the causes and specific solutions for this error, updated for the latest 2026 environments. This is essential reading for all users running Docker on Linux (Ubuntu, CentOS, Debian, etc.).
What Is This Error? Symptoms You’ll Experience
After installing Docker or when running docker commands on a Linux server, you may see the following error message:
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/create": dial unix /var/run/docker.sock: connect: permission denied.
This error can occur with virtually any Docker command, including docker ps, docker run, and docker-compose up. Specifically, you may encounter these symptoms:
docker run hello-worldfails: The most common first encounter when verifying Docker installationdocker psdoesn’t show containers: Unable to view running containers due to permission errorsdocker-compose upwon’t start: Multi-container applications fail to launch- CI/CD pipelines fail: Docker commands in Jenkins, GitHub Actions, GitLab CI, etc. halt with permission errors
- VS Code Dev Containers extension can’t connect: Unable to connect to Docker in remote development environments
When this error occurs, all Docker functionality becomes unusable, bringing your development work to a complete halt. This is particularly frustrating for users who are new to Docker.
Causes of This Error
Cause 1: Current User Is Not in the Docker Group
This is the most common cause. The Docker daemon communicates through a Unix socket (/var/run/docker.sock) by default, and this socket is owned by the root user. Regular users need to belong to the docker group to execute Docker commands. Simply installing Docker doesn’t automatically add your user to this group, resulting in permission errors.
# Check socket permissions
ls -la /var/run/docker.sock
# Example output: srw-rw---- 1 root docker 0 Feb 12 10:00 /var/run/docker.sock
Cause 2: Not Logging Out/In After Group Change
After running sudo usermod -aG docker $USER to add your user to the docker group, you haven’t logged out and back in. In Linux, group membership changes don’t take effect until you start a new session (login). This is a very common oversight, and questions like “I ran the command but it still doesn’t work” frequently appear on Stack Overflow and Reddit.
Cause 3: Docker Daemon Is Not Running
A similar error can occur when the Docker service itself is stopped. This happens when Docker isn’t configured to start automatically after a server reboot, or when the Docker installation is incomplete.
# Check Docker service status
sudo systemctl status docker
Cause 4: Permissions on /var/run/docker.sock Have Been Incorrectly Modified
This occurs when socket file permissions have been manually changed, or when security tools have reset the permissions. The socket should be srw-rw---- with root:docker ownership; if the permissions differ, normal connections will fail.
Cause 5: SELinux or AppArmor Access Restrictions
On security-enhanced Linux distributions (RHEL, CentOS, Fedora, etc.), SELinux may block access to the Docker socket. Similarly, on Ubuntu and similar systems, AppArmor can be the cause.
Solution 1: Add Your User to the Docker Group (Recommended)
This is the safest and most recommended solution. It is also the approach recommended in the official Docker documentation.
Step 1: Check If the Docker Group Exists
First, verify that the docker group exists on your system. It is usually created automatically during Docker installation, but it’s worth checking.
# Check if the docker group exists
cat /etc/group | grep docker
If the group doesn’t exist, create it with the following command:
# Create the docker group
sudo groupadd docker
Step 2: Add Your User to the Docker Group
Use the following command to add the currently logged-in user to the docker group:
# Add current user to the docker group
sudo usermod -aG docker $USER
Command explanation:
– usermod: Command to modify user accounts
– -a: Append mode (doesn’t remove from existing groups)
– -G docker: Specifies the docker group
– $USER: Automatically populated with the current login username
To add a specific user, replace $USER with the username:
# Example: Add a specific user
sudo usermod -aG docker username
Step 3: Apply the Group Change
Method A: Log out & log back in (most reliable)
# For SSH connections
exit
# Then reconnect via SSH
# For desktop environments
# Log out and log back in
Method B: Use newgrp for immediate effect (current terminal only)
# Immediately activate docker group in current shell session
newgrp docker
This method only works for the current terminal session. When opening new terminals, you’ll need to log out and back in.
Step 4: Verify the Configuration
# Check if you belong to the docker group
groups
# Test if Docker works correctly
docker run hello-world
If you see the Hello from Docker! message, the configuration is complete.
Important Notes
- Forgetting the
-aoption (append) will cause the user to belong to the docker group “only,” removing them from all other groups. Always use-aGtogether - Belonging to the docker group gives that user root-equivalent privileges. Only add trusted users
- In WSL2 (Windows Subsystem for Linux) environments, restarting WSL (
wsl --shutdown) may be necessary
Solution 2: Use sudo with Docker Commands
This is a workaround for environments where you can’t change group settings, or when you need to use Docker temporarily.
Simply prefix all Docker commands with sudo to run them with root privileges:
# Run Docker commands with sudo
sudo docker run hello-world
sudo docker ps
sudo docker-compose up -d
This method works immediately but has the following drawbacks:
- Requires typing
sudoevery time - Makes execution within Docker Compose and scripts cumbersome
sudomay not be available in CI/CD pipelines- Environment variables and Docker context settings use those of the
rootuser
For long-term use, adding your user to the docker group (Solution 1) is strongly recommended.
For Docker Compose usage:
# Docker Compose
sudo docker compose up -d
# Legacy Docker Compose (v1)
sudo docker-compose up -d
Solution 3: Use Docker Rootless Mode (Advanced)
Rootless mode, officially supported since Docker 20.10, runs the Docker daemon itself with regular user privileges. As of 2026, Docker Engine 27.x has further improved stability, making this the recommended approach for security-conscious production environments.
Benefits of Rootless Mode
- No root privileges required at all
- Significantly reduced security risks
- Lower risk of host compromise from within containers
Installation Steps
First, install the required dependency packages:
# Ubuntu/Debian
sudo apt-get install -y uidmap dbus-user-session
# CentOS/RHEL
sudo yum install -y shadow-utils fuse-overlayfs
Next, run the Rootless mode setup script:
# Stop existing Docker (rootful)
sudo systemctl disable --now docker.service docker.socket
# Install Rootless mode
dockerd-rootless-setuptool.sh install
Set the environment variables:
# Add to ~/.bashrc or ~/.zshrc
export PATH=/usr/bin:$PATH
export DOCKER_HOST=unix:///run/user/$(id -u)/docker.sock
# Apply settings
source ~/.bashrc
# Verify it works
docker run hello-world
Important Notes
- Rootless mode has some limitations (binding privileged ports 80/443, certain storage drivers, etc.)
- Images and volumes created with root privileges cannot be used directly
- Network configuration may differ from standard mode
How to Prevent This Error
Take the following preventive measures to avoid Docker permission errors.
1. Configure Group Settings Immediately After Docker Installation
Complete the docker group addition before running your first command after installing Docker. Include this in your setup documentation or scripts for efficient setup every time.
# Example post-installation setup script
#!/bin/bash
sudo groupadd docker 2>/dev/null
sudo usermod -aG docker $USER
echo "Please log out and log back in"
2. Automate with Ansible or Shell Scripts
When automating team development or server builds, include Docker installation and group configuration in your automation scripts.
3. Verify CI/CD Pipeline Permission Settings
For GitHub Actions, GitLab CI, Jenkins, etc., verify that Docker socket access permissions are properly configured in advance. Many CI/CD platforms require specific settings for Docker usage.
4. Regularly Check Docker Service Status
# Enable Docker auto-start
sudo systemctl enable docker
# Check Docker service status
sudo systemctl status docker
5. Never Use chmod 666
You may find chmod 666 /var/run/docker.sock suggested as a “solution” online, but this is extremely dangerous from a security standpoint. It grants all users access to the Docker daemon, effectively giving root privileges to every user. Never use this in production environments.
Summary
The Docker “Got permission denied while trying to connect to the Docker daemon socket” error is an extremely common error encountered by virtually all Linux users starting with Docker. However, with proper understanding of its causes and solutions, it can be resolved in minutes.
Key Points:
– Recommended: Add your user to the docker group with sudo usermod -aG docker $USER and log out & back in
– Temporary: Use sudo docker for immediate command execution
– Security-focused: Consider Docker Rootless mode
If the issue persists, check the following:
1. Is the Docker service running? (sudo systemctl status docker)
2. Are socket file permissions correct? (ls -la /var/run/docker.sock)
3. Are SELinux/AppArmor settings interfering?
If you still can’t resolve it, we recommend asking on the Docker Community Forums or Stack Overflow with your environment details (OS, Docker version, full error message).
References
- Docker Official Docs: Linux post-installation steps
- Docker Official Docs: Rootless mode
- DigitalOcean: How to fix docker permission denied
- Baeldung: Permission Denied While Trying to Connect to the Docker Daemon Socket
- Docker Community Forums: Permission denied while trying to connect
- phoenixNAP: How to Fix Docker Permission Denied Error
- OneUptime: How to Fix Docker Permission Denied Errors (2026)
コメント