Fix 'permission denied' for /var/run/docker.sock on Ubuntu 22.04

Linux & Unix Beginner · May 29, 2026

You try running Docker without sudo and get a permission denied error on /var/run/docker.sock. It means your user isn't in the docker group. Here's how to fix it.

You just installed Docker on Ubuntu 22.04. You run docker ps and get slapped with permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock. You check the socket permissions with ls -l /var/run/docker.sock and see it's owned by root:docker with 660 permissions. That's the trigger—your user account isn't in the docker group, so the kernel blocks access.

What's actually happening

Docker runs as a daemon (systemd service) owned by root. It creates a Unix socket at /var/run/docker.sock for clients to talk to it. The socket's group is docker, and only users in that group can read/write it. By default, only root is in the docker group. When you run docker ps as a regular user, you're not in that group, so the kernel says nope.

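You might think 'I'll just change the socket permissions to 777.' Don't. That's a security nightmare: any user or process on the machine, malware included, can then control Docker. The proper fix is to add your user to the docker group. Treat that membership as root-equivalent on the host, though, and give it only to accounts you would trust with sudo.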

The fix: add your user to the docker group

  1. Open a terminal.
  2. Run sudo usermod -aG docker $USER. The -a flag appends your user to the group, -G specifies the group name (docker), and $USER is your current username. If you're logged in as 'jane', this is the same as sudo usermod -aG docker jane.
  3. Log out completely: close all terminal windows and log out of your desktop session. Don't just close the terminal; actually log out. Then log back in.
  4. Verify the group membership with groups. You should see 'docker' in the list.
  5. Run docker ps. It should work now.

Logging out and back in is important because group changes aren't applied to existing sessions. If you can't log out (say you're on a remote SSH session), you can use newgrp docker to start a new shell with the group active, but that's temporary. For a permanent fix, log out.

What if it still fails?

Two things can trip you up here. First, make sure the Docker daemon is actually running. Run systemctl status docker. If it's inactive or failed, start it with sudo systemctl start docker and enable it with sudo systemctl enable docker.

Second, check the socket path. On some older Docker versions or systems, the socket might be at /run/docker.sock (without /var). Docker 20.10 and later symlinks /var/run to /run on Ubuntu, but verify with ls -l /run/docker.sock. If it's missing, restart the daemon.

Still stuck? Check your user's UID and GID. If you've manually set your user's UID to something weird or your system uses LDAP/SSSD, group lookups might fail. Run id and confirm your user shows up in the docker group. If not, you might have a typo in the usermod command—re-run it and double-check the group name is exactly 'docker'.

Final sanity check: reboot. Yes, it's cliché, but group changes sometimes don't propagate correctly on systems with complex PAM configurations. A reboot forces everything to re-read the group file.
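
The checks from the fix and troubleshooting steps above, collected into one read-only script. This is an added example, not part of the original article; the function names and verdict strings are made up for illustration, and stat -c assumes GNU coreutils as shipped on Ubuntu.

```shell
#!/bin/sh
# Added example (not from the article): read-only diagnosis of docker.sock access.
# Function names and verdict strings are made up for this illustration.
SOCK=${SOCK:-/var/run/docker.sock}

# socket_verdict MODE GROUP -> ok | world-accessible | unexpected
# MODE is the octal mode from `stat -c %a`, GROUP the name from `stat -c %G`.
socket_verdict() (
  case $1 in
    *[1-7]) echo world-accessible ;;  # last digit non-zero: "other" bits set (e.g. 777)
    660)    if [ "$2" = docker ]; then echo ok; else echo unexpected; fi ;;
    *)      echo unexpected ;;
  esac
)

# group_state SESSION_GROUPS DB_GROUPS -> active | relogin-needed | not-a-member
# SESSION_GROUPS: output of `id -nG` (credentials of the running shell).
# DB_GROUPS: output of `id -nG USER` (what the group database says now).
group_state() (
  case " $1 " in *" docker "*) echo active; exit 0 ;; esac
  case " $2 " in
    *" docker "*) echo relogin-needed ;;  # usermod worked, session predates it
    *)            echo not-a-member ;;    # usermod not run, or wrong group name
  esac
)

# diagnose: gather the real values on this machine and print both verdicts.
diagnose() {
  if [ ! -S "$SOCK" ]; then
    echo "socket: $SOCK not found; check: systemctl status docker"
    return 0
  fi
  echo "socket: $(socket_verdict "$(stat -c %a "$SOCK")" "$(stat -c %G "$SOCK")")"
  echo "group:  $(group_state "$(id -nG)" "$(id -nG "$(id -un)")")"
}

# Constructed sample values: a shell opened before usermod ran for user jane.
echo "sample: $(group_state 'jane adm sudo' 'jane adm sudo docker')"
diagnose
```

A relogin-needed verdict is the situation from step 3: the group database is already correct and only the session is stale. A world-accessible verdict means the 777 shortcut was applied at some point and the socket should go back to the 660 root:docker described above.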

Once you're in the docker group, you can run all Docker commands without sudo. No more permission denied. Now go containerize something.
