# Docker Run Permission Denied: How to Fix Access and Permission Errors

You tried to run a Docker command, but permission was denied:

```bash
docker: permission denied while trying to connect to the Docker daemon socket
```

Or inside a container:

```bash
Error response from daemon: OCI runtime create failed: permission denied
```

Or when mounting volumes:

```bash
docker: Error response from daemon: error while creating mount source path: permission denied
```

Permission errors come from several sources. Let me walk you through fixing each type.

## Type 1: Docker Daemon Socket Permission

The most common error is being unable to connect to the Docker daemon:

```bash
permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock
```

Root cause: Your user doesn't have permission to access `/var/run/docker.sock`.

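### Solution 1: Add user to docker group

Members of the `docker` group can control the daemon, which runs as root, so membership is effectively root access on the host.

```bash
# Add your user to docker group
sudo usermod -aG docker $USER

# Log out and log back in
# Or run:
newgrp docker

# Test
docker run hello-world
```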

### Solution 2: Use sudo (temporary)

```bash
sudo docker run hello-world
```

### Solution 3: Change socket permissions (less secure)

Mode 666 lets every local account on the host use the daemon, not just your user.

```bash
sudo chmod 666 /var/run/docker.sock
# Temporary until Docker restart
```

Verify group membership:

```bash
# Check your groups
groups

# Should include "docker"

# Check docker group members
getent group docker
```
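
To see who can reach the daemon after applying any of the fixes above, the following script classifies the socket's mode bits and lists the members of its owning group. It is an added example, not part of the original article; the function names are hypothetical and GNU `stat` on Linux is assumed.

```sh
#!/bin/sh
# Added example (not from the original article): audit access to the
# Docker daemon socket. SOCK is an assumed default; override if needed.
SOCK="${SOCK:-/var/run/docker.sock}"

# socket_verdict PATH -> classify who may connect. On Linux, connecting to
# a Unix socket needs write permission on it, so only the write bit counts:
#   world-accessible  "other" can write (e.g. left over from chmod 666)
#   group-restricted  owner and group only (the usual 0660 setup)
#   owner-only        not even the group can connect
socket_verdict() (
    mode=$(stat -c '%a' "$1") || exit 2      # GNU stat, octal mode such as 660
    other=$(( 0$mode & 7 ))
    group=$(( (0$mode >> 3) & 7 ))
    if [ $(( other & 2 )) -ne 0 ]; then
        echo "world-accessible"
    elif [ $(( group & 2 )) -ne 0 ]; then
        echo "group-restricted"
    else
        echo "owner-only"
    fi
)

# socket_group_members PATH -> comma-separated accounts in the owning group,
# i.e. everyone who gets daemon access through group membership.
socket_group_members() (
    grp=$(stat -c '%G' "$1") || exit 2
    getent group "$grp" | cut -d: -f4
)

# Report on the real socket when it exists on this host.
if [ -S "$SOCK" ]; then
    echo "socket:  $SOCK"
    echo "verdict: $(socket_verdict "$SOCK")"
    echo "members: $(socket_group_members "$SOCK")"
fi
```

A `world-accessible` verdict means the socket permissions should be restored, which restarting Docker does according to Solution 3.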

## Type 2: Volume Mount Permission Denied

Mounting host directories fails due to permissions:

```bash
Error response from daemon: error while creating mount source path '/data': permission denied
```

Check host directory permissions:

```bash
ls -la /data
# Check owner and permissions
```

Fix:

```bash
# Change ownership
sudo chown -R $USER:$USER /data

# Or change permissions
sudo chmod -R 755 /data

# Or run container as root for mount
docker run -v /data:/app --user root myimage
```

SELinux restrictions (CentOS/RHEL):

```bash
# Add :z or :Z suffix for SELinux labeling
docker run -v /data:/app:z myimage

# :z - shared across containers
# :Z - private to this container
```

## Type 3: Container User Permission Issues

The container runs as a non-root user and can't access files:

```bash
# Check container user
docker inspect myimage --format '{{.Config.User}}'

# If user is "appuser" (not root), may lack permissions
```

Fix: Run as root or fix file permissions

```bash
# Run as root
docker run --user root -v /data:/app myimage

# Or fix permissions in the Dockerfile (this is a Dockerfile line, not a shell command):
# RUN chown -R appuser:appuser /app
```

Handle rootless containers:

```bash
# Rootless Docker runs containers as your user
# Volumes are mapped to your user namespace

# Check rootless Docker
docker context ls

# For rootless, use appropriate UID mapping
docker run --user 1000:1000 -v /data:/app myimage
```

## Type 4: File Permission in Mounted Volumes

Files created in mounted volumes have wrong permissions:

```bash
# Files created by container are owned by container user
# Can't access from host

# Check container user UID
docker run --rm myimage id

# Output: uid=1000(appuser) gid=1000(appgroup)
```

Fix: Match UIDs between host and container

```bash
# Create host directory with matching UID
sudo mkdir -p /data
sudo chown 1000:1000 /data

# Or run container with your UID
docker run --user $(id -u):$(id -g) -v /data:/app myimage
```
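
The UID matching described in Types 3 and 4 can be checked before starting the container. The script below is an added example, not part of the original article: `can_write_as` is a hypothetical helper that applies the kernel's owner/group/other rule to a host path for a given `--user UID:GID`. It assumes GNU `stat`, plain mode bits only (no ACLs, SELinux labels or supplementary groups) and no user-namespace remapping.

```sh
#!/bin/sh
# Added example (not from the original article): predict whether a container
# started with --user UID:GID can write to a bind-mounted host path.
# Assumptions: plain mode bits only (no ACLs, SELinux labels or supplementary
# groups) and no user-namespace remapping, so container IDs equal host IDs.

# can_write_as UID GID PATH
# Prints the permission class that decides access (root, owner, group, other)
# and returns 0 when writing is allowed; prints "denied:<class>" and returns 1
# otherwise.
can_write_as() (
    uid=$1 gid=$2 path=$3
    info=$(stat -c '%u %g %a' "$path") || exit 2   # GNU stat
    set -- $info
    o_uid=$1 o_gid=$2 mode=0$3
    # Rootful container root keeps CAP_DAC_OVERRIDE by default.
    if [ "$uid" -eq 0 ]; then echo "root"; exit 0; fi
    # The kernel checks exactly one class: owner, else group, else other.
    if [ "$uid" -eq "$o_uid" ]; then
        class=owner; bits=$(( ($mode >> 6) & 7 ))
    elif [ "$gid" -eq "$o_gid" ]; then
        class=group; bits=$(( ($mode >> 3) & 7 ))
    else
        class=other; bits=$(( $mode & 7 ))
    fi
    # Creating files in a directory needs write and search (w+x = 3).
    need=2
    [ -d "$path" ] && need=3
    if [ $(( bits & need )) -eq "$need" ]; then
        echo "$class"
    else
        echo "denied:$class"; exit 1
    fi
)

# Usage: sh script.sh UID GID PATH
if [ "$#" -eq 3 ]; then
    can_write_as "$1" "$2" "$3"
fi
```

For the article's example, `can_write_as 1000 1000 /data` reports `owner` once `/data` has been chowned to `1000:1000`, so the container user needs neither `--user root` nor a world-writable directory.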

## Type 5: Dockerfile Permission Issues

Permission errors during build:

```bash
COPY failed: permission denied
```

Fix in Dockerfile:

```dockerfile
# Ensure proper permissions when copying
COPY --chown=appuser:appgroup file.txt /app/

# Or fix permissions after copy
COPY file.txt /app/
RUN chown appuser:appgroup /app/file.txt

# Set proper permissions on directories
RUN mkdir -p /app && chown -R appuser:appgroup /app
USER appuser
```

## Type 6: Network Permission Issues

Creating networks or binding ports:

```bash
Error response from daemon: driver failed programming external connectivity: permission denied
```

Port binding issues:

```bash
# Ports below 1024 require root
docker run -p 80:80 nginx  # Requires root

# Use higher ports
docker run -p 8080:80 nginx  # Works as regular user
```

Network creation:

```bash
# Creating networks usually requires docker group membership
docker network create mynet

# If fails, add user to docker group
sudo usermod -aG docker $USER
```

## Type 7: Windows Permission Issues

On Windows, file sharing permission errors:

```bash
Error: drive sharing not enabled
Error: firewall blocking file sharing
```

Fix in Docker Desktop:

1. Open Docker Desktop Settings
2. Go to Resources > File Sharing
3. Add the shared folder
4. Apply & Restart

Or use WSL2 backend:

```powershell
# In PowerShell
wsl --install
# Restart Docker Desktop with WSL2 backend
```

## Type 8: AppArmor/SELinux Restrictions

Security modules block container operations:

```bash
Error: permission denied (AppArmor)
Error: SELinux is preventing access
```

Check AppArmor:

```bash
# List AppArmor profiles
aa-status

# Disable for Docker (not recommended for production)
sudo aa-disable docker-default

# Or run with --security-opt
docker run --security-opt apparmor=unconfined myimage
```

Check SELinux:

```bash
# SELinux status
getenforce

# Temporarily set to permissive
sudo setenforce 0

# Or use proper SELinux labels
docker run -v /data:/app:z myimage
```

## Quick Permission Diagnosis

```bash
# 1. Check Docker daemon access
docker info
ls -la /var/run/docker.sock

# 2. Check your groups
groups

# 3. Check container user
docker inspect IMAGE --format '{{.Config.User}}'

# 4. Check host directory permissions
ls -la /host/path

# 5. Check SELinux/AppArmor
getenforce  # SELinux
aa-status   # AppArmor

# 6. Check file ownership in volumes
ls -la /mounted-volume
```

## Common Permission Error Patterns

| Error | Cause | Fix |
|---|---|---|
| Docker daemon socket | User not in docker group | `sudo usermod -aG docker $USER` |
| mount source path | Host directory permission | `sudo chmod 755 /path` |
| OCI runtime create | Container user issue | `docker run --user root` |
| port binding | Low port requires root | Use ports > 1024 |
| drive sharing | Windows file sharing | Enable in Docker Desktop |
| AppArmor/SELinux | Security module | Use `:z` mount option |

## Prevention Best Practices

1. Add users to docker group during setup
2. Use consistent UIDs between host and container
3. Set proper permissions in Dockerfiles
4. Use higher ports (>1024) when possible
5. Test volume permissions before deployment
6. Document permission requirements for team

## Quick Reference

| Task | Command |
|---|---|
| Add user to docker group | `sudo usermod -aG docker $USER` |
| Check groups | `groups` |
| Check docker socket | `ls -la /var/run/docker.sock` |
| Fix host directory | `sudo chown -R $USER:$USER /path` |
| Run as root | `docker run --user root IMAGE` |
| SELinux mount | `docker run -v /path:/app:z IMAGE` |
| Check container user | `docker inspect IMAGE --format '{{.Config.User}}'` |

Permission errors are resolved by ensuring your user is in the docker group, host directories have correct permissions, and container users can access mounted files.