Manage Docker As Non-Root User


Learn how to run Docker Commands as non-root users

26 May 2023


As the root user, one can run all Docker commands by connecting to the Docker daemon without any restrictions. But we cannot give root access to everyone on the system, as it is unsafe.

So we need to figure out ways to give docker access to non-root users. This is what we will explore in this lab. Along with this, we'll see how we can run programs as non-root users, inside the containers we create. 

Prior Knowledge

Before moving further, one needs to know about users, groups and sudo access in Linux.


Linux makes it possible for multiple users to log in at once and use the system independently. Linux stores user information in the /etc/passwd file. User passwords are stored in the /etc/shadow file, hashed with a one-way hash function.

  • Root user: When the system is installed, it creates a password-protected root account, and only the admin knows the password. The root user account has full access as the superuser. It can access all the programs, files and resources on the system. The user id 0 gives the root user all the privileges. The admin can give the account a custom name instead of root, but some applications run with the root user name only.
  • Non-root users: Non-root users can run only a specific set of commands, according to the roles and permissions they are given. There are two types of users in the non-root category: users with admin privileges and users with non-admin privileges.
  • To get the name of current user
  • To switch the user
su - <username>
  • To change the password of current login account
  • To see users information
cat /etc/passwd


A collection of users is called a group in Linux. Groups make it easy to manage multiple users at once, especially in terms of permissions. There are two types of groups in Linux: primary and secondary. Each user is a member of one primary group and up to 15 secondary groups.

  • To list all primary groups
  • The Linux system stores all groups in the /etc/group file.
cat /etc/group

sudo Access

sudo is an acronym for Super User Do. By giving sudo access to a user, we can control which commands that user can run in privileged mode. To run a command as the superuser, the user needs to prefix it with sudo, as follows:

sudo apt update 

To add sudo access, we need to update the /etc/sudoers file, which we can do with the visudo command. If we want, we can give permissions equivalent to those of the root user.

You can learn more about sudo from here.

How To Run Docker Via Non-root User Login?

There are two ways to run docker commands as a non-root user. One is to give sudo access to normal users, which we covered earlier. The other is to add normal users to the docker group, which we'll explore now. Please follow the steps below:

Step 1: Install docker.

  • To install Docker on the Ubuntu distribution of Linux as the root user
apt update && apt install -y
  • First check if the docker group is available or not
cat /etc/group | grep docker
Figure 1: print docker group if available

Some Linux distributions create a docker group during installation. If it is available, skip Step 2.

Step 2: Create a docker group.

sudo groupadd docker

Step 3: Add user to docker group. 

  • To create a custom account named dev
adduser dev
Figure 2: partial output of adding user
  • To add the existing dev user to the docker group
sudo usermod -aG docker dev


To create a new user account with primary and secondary groups, use the command below. If a primary group is not assigned with -g, a group named after the user is automatically used as the primary group.

useradd -g <primary-group> -G docker <user-name>

Step 4: Check user availability.

cat /etc/group | grep docker
Figure 3: Add user in docker group and verify

Step 5: Run docker command as a normal user. 

  • To login as normal user
su - dev
  • Now, let's try to run some commands in a container created by the non-root user.
docker container run --name mycont -it nginx sh
Figure 5: create and run container with non-root user
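
The grep docker check in Step 4 matches any line containing that string and does not show accounts whose primary group is docker; since Docker's documentation states that the docker group grants root-level privileges, it is worth listing its effective members exactly. The script below is an added example, not part of the original lab; the function names and the sample group and passwd entries are constructed for illustration.

```shell
#!/bin/sh
# Added example: list every account that has Docker daemon access through
# the docker group, reading group and passwd files given as arguments.

# docker_group_members GROUP_FILE PASSWD_FILE
# Prints one user name per line, sorted and de-duplicated:
#   - secondary members from the 4th field of the docker line in GROUP_FILE
#   - users whose primary GID (4th field of PASSWD_FILE) is the docker GID
docker_group_members() {
    awk -F: '
        # First file: the group database. Match the name exactly, so that
        # a group such as "docker-admins" is not mistaken for "docker".
        FNR == NR {
            if ($1 == "docker") {
                gid = $3
                n = split($4, m, ",")
                for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
            }
            next
        }
        # Second file: the passwd database. Primary membership is not
        # listed in the group file, so compare each primary GID instead.
        gid != "" && $4 == gid { print $1 }
    ' "$1" "$2" | sort -u
}

# Constructed sample data (not taken from a real host).
write_sample_files() {
    cat > "$1/group" <<'EOF'
root:x:0:
docker:x:998:dev,alice
docker-admins:x:1500:carol
dev:x:1001:
EOF
    cat > "$1/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/bash
dev:x:1001:1001::/home/dev:/bin/bash
alice:x:1002:1002::/home/alice:/bin/bash
build:x:1003:998::/home/build:/bin/sh
carol:x:1004:1004::/home/carol:/bin/bash
EOF
}

sample_dir=$(mktemp -d)
write_sample_files "$sample_dir"
docker_group_members "$sample_dir/group" "$sample_dir/passwd"
rm -rf "$sample_dir"
```

On a host, pass /etc/group and /etc/passwd as the two arguments; accounts that come from a directory service are not in those files and need getent instead.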

While we are here, let us also see how we can run programs as non-root users, inside the containers we create.

Running Programs as non-root user, inside the Container

Generally, if you run a container and check the user id or group id, it is set to 0, which means that we are running the program as the root user in the context of the container.

docker run --rm alpine id

This is not a good practice. One way to fix it is to provide the uid/gid when running the container, as follows:

docker run --rm -u 1001:1001 alpine id

But this may cause problems for programs that are not configured to run as non-root users inside the container. So a better approach is to configure the default user/group, and the program accordingly, inside the Dockerfile. Let's see an example.

Step 1: Create a Dockerfile.

  • To write a Dockerfile
vim Dockerfile

Step 2: Build an Image.

  • To build an image from the Dockerfile
docker build -t cloudyuga/test:learn .
docker image ls

Step 3: Create and run a container from the image built in the previous step.

  • To create and run a container and retrieve user details
docker run --rm -d --name testc cloudyuga/test:learn

Step 4: Verify the user and ownership of the program running inside the container

docker exec testc id 
docker exec testc ps aux 

We can see that the uid and gid are set to 1001 and that the sleep program runs as the user testuser. Also, if we inspect the container, we'll see that the user is set to testuser.

docker inspect testc --format '{{.Config.User}} {{.Name}}'
Note: the output shows the container name along with the username.
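
As an added example (not the lab's own Dockerfile), the script below writes a constructed Dockerfile that produces the result described in Step 4 and statically checks that the image's default user is not root. Assumptions: the alpine base image and the sleep duration are chosen for illustration, testuser and uid/gid 1001 follow the values reported above, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: write a constructed Dockerfile that runs as a non-root user,
# then check which user the image would run as by default.

# Constructed Dockerfile. Assumed: alpine base image and "sleep 3600";
# testuser and uid/gid 1001 follow the values the lab reports.
write_sample_dockerfile() {
    cat > "$1" <<'EOF'
FROM alpine
# Create a dedicated group and user with fixed ids (BusyBox addgroup/adduser).
RUN addgroup -g 1001 testuser && \
    adduser -D -u 1001 -G testuser testuser
# Everything after this line, including CMD, runs as testuser.
USER testuser
CMD ["sleep", "3600"]
EOF
}

# effective_user DOCKERFILE
# Prints the value of the last USER instruction in the final build stage,
# or "(unset)" when that stage has none and inherits the base image default.
effective_user() {
    awk '
        BEGIN { user = "(unset)" }
        toupper($1) == "FROM" { user = "(unset)" }  # a new stage resets USER
        toupper($1) == "USER" { user = $2 }
        END { print user }
    ' "$1"
}

# runs_as_nonroot DOCKERFILE
# Succeeds only if the final stage sets USER to something other than root/0.
runs_as_nonroot() {
    u=$(effective_user "$1")
    case "${u%%:*}" in          # drop an optional ":group" suffix
        "(unset)"|root|0) return 1 ;;
        *) return 0 ;;
    esac
}

tmp=$(mktemp -d)
write_sample_dockerfile "$tmp/Dockerfile"
echo "default user: $(effective_user "$tmp/Dockerfile")"
runs_as_nonroot "$tmp/Dockerfile" && echo "OK: non-root" || echo "FAIL: root"
rm -rf "$tmp"
```

A USER value supplied through a build argument cannot be resolved by this static check; in that case inspect the built image or running container as in Step 4.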


So in this hands-on lab, we have seen how we can run Docker commands as a non-root user. We also covered how we can run programs as non-root users, inside the containers.


About the Authors

Pratiksha Patel


Intern at CloudYuga

Pratiksha is a former Assistant Professor and an enthusiastic learner of Cloud and DevOps. She is currently working as an Intern at CloudYuga.

Oshi Gupta


DevOps Engineer & Technical Writer, CloudYuga

Oshi Gupta works as a DevOps Engineer and Technical Writer at CloudYuga Technologies. She is CKA certified and was selected for the LFX mentorship in Spring 2022 for CNCF Kyverno. She loves writing blogs and is keen to learn about various cloud-native technologies. Besides this, she loves cooking, badminton, traveling, and yoga.