How to Fix Docker Permission Denied Error
In this tutorial, you'll learn about How to Fix Docker Permission Denied Error. We cover key concepts, practical examples, and best practices.
You run docker ps and get permission denied while trying to connect to the Docker daemon socket — your user lacks access to /var/run/docker.sock.
The Problem
docker: permission denied while trying to connect to the Docker daemon socket at
unix:///var/run/docker.sock: Get "http://%2Fvar%2Frun%2Fdocker.sock/v1.24/containers/json":
dial unix /var/run/docker.sock: connect: permission denied
The Docker socket is owned by root:docker with permissions srw-rw----. Users not in the docker group cannot access it.
Step-by-Step Fix
Step 1: Check your group membership
groups $USER
If docker is not in the list, proceed.
Step 2: Add user to docker group
sudo usermod -aG docker $USER
Step 3: Refresh group membership
newgrp docker
Or log out and back in.
Step 4: Verify access
docker ps
Expected:
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
Step 5: Verify dockerd is running as the right user
ps aux | grep dockerd
The daemon should run as root. If it runs as a different user, the socket ownership may be wrong. Restart Docker with sudo systemctl restart docker.
Step 6: Alternative — fix socket permissions (temporary)
sudo chmod 666 /var/run/docker.sock
This is insecure and resets on daemon restart. Only use for quick debugging.
Step 7: Use rootless Docker as a permanent solution
Rootless Docker runs the daemon without root privileges:
dockerd-rootless-setuptool.sh install
export PATH=/usr/bin:$PATH
systemctl --user start docker
This eliminates permission issues entirely by running the daemon under your user namespace.
Prevention Tips
- Add users to the
dockergroup during onboarding - Never use
chmod 777on the socket - Use
sudofor one-off commands if you cannot modify groups - On CI systems, ensure the runner user is in the docker group
- Restart the session after group changes
Common Mistakes with permission denied
- Using
foldlinstead offoldl'causing stack overflow on large lists - Forgetting
deriving (Show, Eq)on custom data types needed for debugging - Placing the wildcard pattern first in case expressions, making all subsequent patterns unreachable
These mistakes appear frequently in real-world DOCKER code. DodaTech's contributors have identified these patterns through analysis of open-source projects and production systems.
Practice Exercise
Write a pure function that safely divides two integers using Maybe, then test it with edge cases like division by zero and negative numbers.
This exercise reinforces the concepts covered in this guide. Try implementing it before checking online solutions.
FAQ
Built by the developers of DodaTech
Doda Browser, DodaZIP & Durga Antivirus Pro