FixPedia
Other EACCES

Docker Compose Permission Denied

5-10 minutes
Easy
FixPedia Team
Применимо к:Docker Compose v1/v2Ubuntu 20.04/22.04Debian 11/12CentOS 8/Rocky 8Fedora 35+

title: 'Permission denied error in docker-compose on Linux: causes and solution' summary: 'The article explains why the "permission denied" error occurs when using docker-compose on Linux and provides several proven ways to fix it. You will learn how to add a user to the docker group, start the daemon, and configure socket permissions.' keywords:

  • docker-compose permission denied
  • docker-compose permission denied error on linux
  • how to fix docker-compose without sudo
  • add user to docker group
  • docker daemon not running permission denied
  • docker.sock permission denied
  • docker-compose run as root
  • EACCES docker-compose locale: ru_RU platform: linux related:
  • /errors/linux/docker-daemon-not-running
  • /guides/linux/install-docker-engine
  • /errors/linux/docker-command-not-found section: Docker Errors severity: high tags:
  • docker-compose
  • error
  • Linux
  • permissions
  • docker.sock
  • docker group
  • permission denied type: error updatedAt: '2026-02-17 11:33:12' howToTotalTime: PT10M

-`. If not, see Method 3.

  • name: Run docker-compose without sudo text: After completing steps 1-3, try running docker-compose up in your project. The permission denied error should disappear.

What does the permission denied error mean in docker-compose

The permission denied error when running docker-compose on Linux occurs when the current user does not have read/write permissions on the Docker Unix socket (/var/run/docker.sock). This is the primary communication interface between clients (docker, docker-compose) and the Docker daemon (dockerd).

Typical error message:

ERROR: Can't connect to the Docker daemon at unix:///var/run/docker.sock. Is the docker daemon running?

or

Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock

The error blocks the execution of any docker-compose command (up, down, ps, logs, etc.) because without access to the Docker daemon, it is impossible to manage containers.

Causes

  1. User is not a member of the docker group
    By default, access to /var/run/docker.sock is restricted to the docker group. If the user is not in this group, the system returns EACCES (Permission denied).
  2. Docker daemon is not running
    If the docker service is stopped (systemctl status docker shows inactive), the socket may be missing or inaccessible.
  3. Incorrect permissions on the /var/run/docker.sock socket
    The socket owner should be root:docker, and permissions should be srw-rw---- (660). If permissions are changed (e.g., to 777 or 644), access is compromised.
  4. Running docker-compose as root via sudo without environment configuration
    When using sudo, environment variables (such as DOCKER_HOST) may be reset, leading to connection errors.
  5. Using a remote Docker daemon without the correct DOCKER_HOST
    If Docker is configured on a remote host but the DOCKER_HOST variable is not set, docker-compose attempts to connect to the local socket without permissions.

This is the proper and secure solution. It gives the user access to Docker without using sudo.

  1. Add the current user to the docker group:
    sudo usermod -aG docker $USER

    The -aG flag adds the user to the docker group without removing them from other groups.
  2. Apply the group changes:
    • Option A: Log out and log back in (or restart the computer). This ensures the new group is activated in all sessions.
    • Option B: In the current session, run newgrp docker to make the docker group active without logging out.
  3. Check group membership:
    groups

    The output should include the docker group.
  4. Verify Docker access:
    docker ps

    If the command runs without errors, docker-compose will also work.

💡 Tip: After adding to the group, you may need to restart the terminal or session for the changes to take effect.

Method 2: Run docker-compose via sudo (temporary solution)

Use sudo to run docker-compose if you need a quick fix, but this is not recommended for daily use due to security risks.

sudo docker-compose up

Disadvantages:

  • Containers run as root, giving them full access to the host system.
  • Files created in the container will be owned by root, which can cause permission issues when later accessed by a regular user.
  • Environment variables and configuration files (.env) may be ignored.

⚠️ Important: Use this method only for testing or in isolated environments. For production, configure the docker group.

If for some reason you cannot add the user to the docker group, you can temporarily change the socket permissions. This reduces security because any user will gain access to the Docker daemon.

  1. Check current permissions:
    ls -l /var/run/docker.sock

    Example output:
    srw-rw---- 1 root docker 0 Feb 17 12:00 /var/run/docker.sock
  2. Change permissions to 666 (access for all):
    sudo chmod 666 /var/run/docker.sock

    After this, the permission denied error will disappear, but any system user will be able to manage Docker.
  3. Revert permissions after use:
    sudo chmod 660 /var/run/docker.sock
sudo chown root:docker /var/run/docker.sock

⚠️ Important: This method should only be used in controlled environments (e.g., in a test container) and temporarily. For permanent use, configure groups.

Method 4: Check and start the Docker daemon

If the Docker daemon is not running, even adding to the docker group will not help.

  1. Check the Docker service status:
    systemctl status docker
  2. If the service is inactive (inactive), start it:
    sudo systemctl start docker
  3. Enable Docker to start on system boot:
    sudo systemctl enable docker
  4. Restart docker-compose after starting the daemon.

Method 5: Fix docker-compose configuration (if using a remote host)

If Docker is configured on a remote host, ensure the DOCKER_HOST environment variable is set correctly.

  1. Set DOCKER_HOST (example for TCP connection):
    export DOCKER_HOST=tcp://remote-host:2375

    Or for TLS:
    export DOCKER_HOST=tcp://remote-host:2376
  2. Verify the connection:
    docker info
  3. Run docker-compose:
    docker-compose up

💡 Tip: For permanent use, add export DOCKER_HOST=... to ~/.bashrc or ~/.profile.

Frequently Asked Questions (FAQ)

Why does the error persist after adding to the docker group?

After adding to the group, you need to log out and log back in (or run newgrp docker). Without this, the session continues to use the old group list.

How do I check which group I am in?

Run groups or id -nG. If docker is not in the list, the user is not in the group.

What to do if the docker group is not created?

The docker group is created when Docker Engine is installed. If it doesn't exist, reinstall Docker:

sudo apt remove docker-ce docker-ce-cli containerd.io
sudo apt install docker-ce docker-ce-cli containerd.io

Can I add a user to the docker group without sudo?

No, changing groups requires root privileges. Use sudo or log in as root.

Why does docker ps work but docker-compose up does not?

Possibly, docker-compose is outdated or installed from a third-party repository with different permissions. Update docker-compose:

sudo apt upgrade docker-compose-plugin

Or use the built-in plugin: docker compose up.

F.A.Q.

Why does docker-compose require sudo while docker does not?
After adding to the docker group, the error persists. What should I do?
Can I run docker-compose as root permanently?
What is docker.sock and why is it needed?

Hints

Check the current user group
Add the user to the docker group
Apply group changes
Check docker.sock access

Did this article help you solve the problem?

FixPedia

Free encyclopedia for fixing errors. Step-by-step guides for Windows, Linux, macOS and more.

© 2026 FixPedia. All materials are available for free.

Made with for the community