Cannot connect to the docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?
The above error is very common with Docker, and several different factors can cause it. We will walk through the practical cases, with an explanation and a solution for each.
First, the socket file is the Unix domain socket used by dockerd, the daemon that provides a self-sufficient runtime environment for Docker containers.
We generally come across this issue as the following error:
"Docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock"
It appears because the particular user executing the docker CLI is not authorized.
There is a simple fix for this issue. As a best practice on a Linux server running the Docker daemon, we update the file /etc/sysconfig/docker with the relevant docker group, as shown below:
# /etc/sysconfig/docker
# Modify these options if you want to change the way the docker daemon runs
OPTIONS='--selinux-enabled --log-driver=journald --signature-verification=false -G dockerroot'
We have added the new value -G dockerroot to the OPTIONS line.
-G is the flag that sets the Linux group for the daemon's socket, and dockerroot is the privileged docker Linux group for the Docker daemon on CentOS/RHEL systems. Membership in it gives control of the daemon, so grant it as you would root access.
Save the file and restart the Docker daemon so that it picks up the modified configuration.
[vamshi@node01 ~]$ sudo systemctl restart docker
We now need to ensure that the user running the docker command is part of the dockerroot group, using the usermod command as shown below.
[root@node01 ~]# sudo usermod -aG dockerroot vamshi
We now check the user's group information and verify that the user is part of the dockerroot group.
[root@node01 ~]# id vamshi
uid=1001(vamshi) gid=1001(vamshi) groups=1001(vamshi),10(wheel),994(dockerroot)
You need to log out and log back in as that user for the Linux group change to apply. Once you log back in, you will be able to use docker with the user account.
This process works for CentOS systems, as we have modified the file /etc/sysconfig/docker.
The same approach can be implemented on Debian/Ubuntu systems by modifying /etc/default/docker, which we will look at in another post.
Now let's look at the second approach to the problem, which is more hands-on.
You will modify the socket file by hand, as the following demonstration shows.
To be able to access the daemon, we must have read permission on this socket.
The permissions on /var/run/docker.sock will be as follows:
[vamshi@node02 ~]$ ls -l /var/run/docker.sock
srw-rw----. 1 root root 0 Apr 07 14:02 /var/run/docker.sock
As mentioned earlier, this is a socket file, as indicated by the symbol s at the start of the file permission attributes in the above output.
To overcome this issue, we have to create a docker group on the docker server as follows:
[vamshi@node02 ~]$ sudo groupadd docker
We check the group entry with the following command:
[vamshi@node02 ~]$ sudo getent group docker
docker:x:1009:
Now we apply the docker group ownership to the socket file:
[vamshi@node02 ~]$ sudo chgrp docker /var/run/docker.sock
And here are the socket file attributes with the updated group ownership:
[vamshi@node01 ~]$ ls -l /var/run/docker.sock
srw-rw----. 1 root docker 0 Apr 07 14:09 /var/run/docker.sock
Now we have to add our user to the docker group to gain the
We do that in the following steps:
# sudo usermod -aG docker vamshi
Now we confirm the group members as below:
[vamshi@node02 ~]$ sudo getent group docker
docker:x:1009:vamshi
Now we need to log out and log back in to this system, and we will be able to access the docker command with the user.
Another issue you might face with the docker CLI arises when you access the Docker server over a network, where the connection is established over TCP.
The Docker server can handle requests over the network, provided it is exposed on a TCP port.
In most Docker client-server architectures, the Docker server listens on a TCP port. This is the second scenario: you have to reach the Docker server over the TCP socket and set DOCKER_HOST to the Docker server's details over TCP.
You can try to connect to the Docker server as follows:
[user@docker-client ~]$ docker -H tcp://<Your-Docker-Server-IP>:<Port> version
Below is a practical command example:
[vamshi@jenkins-slave01 ~]$ docker -H tcp://10.100.0.10:4243 version
This scenario is most common in Jenkins build environments, with build agents such as the Jenkins slave and containers that run post-build steps and perform deployments.
The third most probable cause is that the Docker server is not actually running, if you have a local-only setup. You can confirm this with the simple troubleshooting steps below.
Check the process list and grep for the docker process:
ps -ef | grep docker
Ensure that the docker service is started:
sudo systemctl status docker
And ensure that it is enabled on startup with:
sudo systemctl enable docker
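The three causes covered in this post, combined into one triage script (an added example, not part of the original post). It assumes GNU stat and looks only at the DOCKER_HOST and DOCKER_TLS_VERIFY environment variables, not at -H or TLS command-line flags; the function names are illustrative.

```bash
#!/bin/sh
# Added example, not from the original post. POSIX sh; the live check needs GNU stat.

# endpoint_kind <DOCKER_HOST> <DOCKER_TLS_VERIFY>  ->  unix | tcp-plain | tcp-tls | other
endpoint_kind() {
    case "${1:-unix:///var/run/docker.sock}" in
        unix://*) echo unix ;;
        tcp://*)  if [ -n "$2" ]; then echo tcp-tls; else echo tcp-plain; fi ;;
        *)        echo other ;;
    esac
}

# socket_verdict <octal mode> <owner> <group> <user> "<user's groups>"
# connect() on a Unix socket needs the write bit, and the kernel consults one
# permission class only: owner, else group, else other.
socket_verdict() {
    mode=$((0$1)); owner=$2; group=$3; user=$4
    if [ $((mode & 0002)) -ne 0 ]; then
        echo "world-writable"          # every local user can drive dockerd
    elif [ "$user" = root ]; then
        echo "ok"
    elif [ "$user" = "$owner" ]; then
        if [ $((mode & 0200)) -ne 0 ]; then echo "ok"; else echo "denied"; fi
    else
        case " $5 " in
            *" $group "*) if [ $((mode & 0020)) -ne 0 ]; then echo "ok"; else echo "denied"; fi ;;
            *)            echo "denied: $user is not in group $group" ;;
        esac
    fi
}

# triage: apply both checks to the endpoint the docker CLI would use.
triage() {
    host=${DOCKER_HOST:-unix:///var/run/docker.sock}
    kind=$(endpoint_kind "$host" "${DOCKER_TLS_VERIFY:-}")
    if [ "$kind" != unix ]; then
        echo "$kind: $host"
        return
    fi
    sock=${host#unix://}
    if [ ! -S "$sock" ]; then
        echo "no-socket: $sock (is dockerd running? systemctl status docker)"
        return
    fi
    # Intentionally unquoted: stat prints "mode owner group" as three words.
    socket_verdict $(stat -c '%a %U %G' "$sock") "$(id -un)" "$(id -nG)"
}

triage
```

A tcp-plain result means the API is being reached without TLS, and a world-writable result means any local account can control the daemon.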
Please refer to our other DevOps documents and do share your best practices in the comments.