Manage Docker as a non-root user
By default when you install Docker on Linux, you can only access the Docker daemon as the root
user, or by using sudo
. Since the Docker daemon binds to a Unix socket
instead of a TCP port
. And by default that Unix socket is owned by the user root
.
Yes, typing sudo
all the time could be irritating. And sure, there is a solution for this issue but you should be very cautious when using it. Another warning: Never. Ever. Use this shortcut
method in a production server.
If you don’t want to preface the docker command with sudo, create a Unix group
called docker
and add users
to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
However this docker
group grants privileges equivalent to the root
user. So this is the main reason for warnings. For more details on how this impacts security in your system, see Docker Daemon Attack Surface from official Docker website.
OK, if you are sure about the risks and confirm it, let’s continue:
Add the docker group:
$ sudo groupadd docker
Add the connected user
$USER
to the docker group. Change the user name to match your preferred user if you do not want to use your current user:$ sudo gpasswd -a $USER docker
Either do
$ newgrp docker
or
log out
andlog in
to activate the changes to groups.You can now run docker deamon without
sudo
prefix. To test it:$ docker ps -a