The Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root
and other users can only access it using sudo
. The Docker daemon always runs as the root
user.
If you don’t want to preface the docker
command with sudo
, create a Unix group called docker
and add users to it. When the Docker daemon starts, it creates a Unix socket accessible by members of the docker
group.
Warning: The
docker
group grants privileges equivalent to theroot
user. For details on how this impacts security in your system, see Docker Daemon Attack Surface.
Note: To run Docker without root privileges, see Run the Docker daemon as a non-root user (Rootless mode) .