Docker socket permission denied

Docker Socket ErrorPermission ErrorCommonLast updated: June 28, 2026Tested on:Docker Engine v26.0Docker Compose v2.24June 2026

The current user does not have read/write access to the Unix socket file (/var/run/docker.sock) used to communicate with the Docker daemon.

Docker socket permission denied Quick Fix⏱️ Est. Fix Time: 1 minute

Usually happens because:

  • Socket file owned by root group
  • User not added to docker group
  • Socket permissions locked to srw-rw----

🔍 Quick Checklist:

What is Docker socket permission denied?

This error occurs when a non-root user attempts to invoke Docker commands, but the Unix socket file (/var/run/docker.sock) used for communication is owned by root and restricts access to other users. Since the socket file serves as the main gateway to command the daemon, restricting access to it blocks all non-elevated CLI invocations.

Common Causes

  • Missing read/write permissions on docker.sock: The socket file permissions do not allow non-root reads/writes.
  • Docker group not associated with docker.sock: The socket file group is not set to 'docker'.
  • Active shell session not updated: The user was recently added to the group but the current shell has not been reloaded.
CauseFrequency
Incorrect socket file permissions⭐⭐⭐⭐⭐
Socket group ownership mismatch⭐⭐⭐⭐
Stale shell session state⭐⭐⭐

Common Mistakes

  • Expecting chmod changes to persist indefinitely across daemon reboots (the daemon recreates the socket file on startup, resetting permissions).
  • Running scripts inside containers that mount `/var/run/docker.sock` without configuring permissions matching the container user.

How to Fix

1Change socket permissions temporarily: Run 'sudo chmod 666 /var/run/docker.sock' to immediately grant read/write access.
2Fix socket group ownership: Run 'sudo chown root:docker /var/run/docker.sock' to restore access to the docker group members.
3Reload active shell groups: Execute 'newgrp docker' to apply group membership changes to your current terminal session.

Docker Operations & Verification

Inspect the user and group owner, as well as the active read/write permissions of the Unix socket file.

Checking Socket Permissions Example
$ ls -la /var/run/docker.sock

srw-rw---- 1 root root 0 Jun 28 12:00 /var/run/docker.sock
# Notice the group is root, meaning only root can read/write without sudo.

Platform Specific Fixes

Standard steps to change socket permissions and update active group configuration settings.

Linux Config
sudo chmod 666 /var/run/docker.sock
sudo chown root:docker /var/run/docker.sock
newgrp docker

Best Practices

  • Always rely on group permissions (`chown root:docker`) instead of opening the socket to everyone (`chmod 666`) to maintain host security.
  • Verify systemd services (like `docker.socket`) are loaded and managed using default configurations.

Frequently Asked Questions (FAQ)

Q: What is docker.sock?

It is a Unix socket file that the Docker daemon listens on for REST API requests sent by the client CLI.

Q: Is it safe to run chmod 666 on docker.sock?

While it solves the permission issue, it allows any local user or process to gain root access to the host machine. On multi-user systems, adding users to the 'docker' group is much more secure.

Q: Why does my socket permissions reset after reboot?

The docker.sock socket file is recreated by systemd every time the Docker service starts, resetting its permissions. Use group ownership configurations to make the fix permanent.

Q: How do I verify who owns the socket?

Run 'ls -la /var/run/docker.sock' to see the user and group owner details.

Still having this problem?

Didn't solve your problem?

SuggestRequest Error