Manage Docker As Non-Root User

Learn how to run Docker Commands as non-root users


As a root user, one can run all the docker commands by connecting to its Daemon; without any restrictions. But we can not give root access to everyone on the system as it is unsafe.

So we need to figure out ways to give docker access to non-root users. This is what we will explore in this lab. Along with this, we’ll see how we can run programs as non-root users, inside the containers we create.

Prior Knowledge

Before moving further, one needs to know about users, group and sudo access inside Linux.


Linux makes it possible for multiple users to login at once and use the system independently. Linux system stores user information into /etc/passwd file. User Passwords are stored in /etc/shadow file and encrypted with a one way hash function.

  • Root user: When the system is installed it creates a root account with password protected and only the admin knows the password. Root user account has all the access as a superuser. It can access all the programs, files and resources on the system. The user id 0 gives the root user all the privileges. Admin can give custom names instead of root but some applications run with root user name only.
  • Non-root users: Non-admin users, can run only specific set of commands as per their roles and permissions given. Two types of Users in non-root user category. Users with admin privileges and users with non-admin privileges.
  • To get the name of current user
  • To switch the user
su - <username>
  • To change the password of current login account
  • To see users information
cat /etc/passwd


The collection of users is called group in Linux. With groups, it becomes easy to manage and deal with multiple users at once, especially in terms of permissions. There are two types of groups in Linux: primary and secondary. Each user is a member of one primary group and up to 15 secondary groups.

  • To list all primary groups
  • The Linux system stores all groups into /etc/group file.
cat /etc/group

sudo Access

sudo is an acronym for Super User Do . By giving sudo access to any user we can control what all commands a user can run in the privileged mode. The user needs to run the commands with the sudo prefix, if he/she wants to run as superuser, like the following:-

sudo apt update 

To add sudo access we need to update the /etc/sudoers file, which we can do with visudo command. If we want we can give permission, equivalent to the root user. 

<username>    ALL=(ALL:ALL) ALL

You can know more about sudo from here.


Hands-on involvement is essential to convert theoretical knowledge into practical skills. We will do the experiment on your local Linux machine. If you are using windows or MacOS, You can install Linux on top of VM.

How To Run Docker Via Non-root User Login?

There are two ways to run docker commands as a non-root user. One is by giving sudo access to normal users, which we already covered earlier. The other way is to add normal users to the docker group, which we’ll explore now. Please follow the steps below :-

Step 1: Install docker.

apt update && apt install -y
  • First check if the docker group is available or not
cat /etc/group | grep docker

Figure 1: print docker group if available

As some Linux distributions provide a docker group with installation. If it is available skip step 2.

Step 2: Create a docker group.

sudo groupadd docker

Step 3: Add user to docker group.

  • To create a custom account named dev
adduser dev

Figure 2: partial output of adding user

  • To add the existing dev user in docker group
sudo usermod -aG docker dev


Create a new user account with primary and secondary groups, if the primary group with -g is not assigned it will automatically take the username as a primary group.

useradd -g <primary-grup> -G docker <user-name>

Step 4 : Check user availability.

cat /etc/group | grep docker

Figure 3: Add user in docker group and verify

Step 5: Run docker command as a normal user.

  • To login as normal user
su - dev
  • Now, Let’s try to run some commands in container created by non-root user.
docker container run --name mycont -it nginx sh

Figure 5: create and run container with non-root user

While we are here, let us also see how we can run programs as non-root users, inside the containers we create.

Running Programs as non-root user, inside the Container

Generally, if you run a container and check the user id or group id, it is set to 0; which means that we are running the program as the admin user, in the context of the container.

docker run --rm alpine id
uid=0(root) gid=0(root) groups=0(root),1(bin),2(daemon),3(sys),4(adm),6(disk),10(wheel),11(floppy),20(dialout),26(tape),27(video)

This is not a good practice.  One way is to fix it by providing the uid/gid, while running the containers like following :-

docker run --rm -u 1001:1001 alpine id
uid=1001 gid=1001 groups=1001

But this may cause problems to the programs which we are not configured to run as non-root users, inside the containers; unless we do so. So a better approach is to configure the default user/group and the program accordingly inside the Dockerfile. Let’s see an example of the same.

Step 1: Create a Dockerfile.

  • To write a Dockerfile
vim Dockerfile
FROM centos:7
RUN useradd -u 1001 testuser
USER testuser
CMD ["/bin/sleep", "200"]

Step 2: Build an Image.

  • To build an image from the Dockerfile
docker build -t cloudyuga/test:learn .
docker image ls

Step 3: Create and run a container from the previous step image

  • To create and run container and retrive user detail
docker run --rm -d --name testc cloudyuga/test:learn

Step 4: Verify the user and ownership of the program running inside the container

docker exec testc id
docker exec testc ps aux 

We can see the uid and gid are set to 1001 and the sleep program runs with the user testuser.  Also if we inspect the container we’ll see the user is set to testuser

docker inspect testc --format '{{.Config.User}} {{.Name}}'

Note: container name is added with username.


So in this hands-on lab, we have seen how we can run Docker commands as a non-root user. We also covered how we can run programs as non-root users, inside the containers.

Join Our Newsletter

Share this article:

Table of Contents