Manage Docker as a non-root user
By default when you install Docker on Linux, you can only access the Docker daemon as the
root user, or by using
sudo. Since the Docker daemon binds to a
Unix socket instead of a
TCP port. And by default that Unix socket is owned by the user
sudo all the time could be irritating. And sure, there is a solution for this issue but you should be very cautious when using it. Another warning: Never. Ever. Use this
shortcut method in a production server.
If you don’t want to preface the docker command with sudo, create a
Unix group called
docker and add
users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker group.
docker group grants privileges equivalent to the
root user. So this is the main reason for warnings. For more details on how this impacts security in your system, see Docker Daemon Attack Surface from official Docker website.
OK, if you are sure about the risks and confirm it, let’s continue:
Add the docker group:
$ sudo groupadd docker
Add the connected user
$USERto the docker group. Change the user name to match your preferred user if you do not want to use your current user:
$ sudo gpasswd -a $USER docker
$ newgrp docker
log into activate the changes to groups.
You can now run docker deamon without
sudoprefix. To test it:
$ docker ps -a