Maybe you should run the docker with option "-u root" from the very beginning

At least that solved my problem

2019-05-26

This worked for me !

Example docker-compose:

version: "3"
services:
  jenkins:
    image: jenkinsci/blueocean
    privileged: true
    ports:
      - "8080:8080"
    volumes:
      - $HOME/learning/jenkins/jenkins_home:/var/jenkins_home
    environment:
      - DOCKER_HOST=tcp://socat:2375
    links:
      - socat

  socat:
     image: bpack/socat
     command: TCP4-LISTEN:2375,fork,reuseaddr UNIX-CONNECT:/var/run/docker.sock
     volumes:
        - /var/run/docker.sock:/var/run/docker.sock
     expose:
        - "2375"

use below dockerfile

FROM jenkins/jenkins

USER root

# Install Docker
RUN apt-get update && \
    apt-get -y install apt-transport-https \
    ca-certificates \
    curl \
    gnupg2 \
    software-properties-common && \
    curl -fsSL https://download.docker.com/linux/$(. /etc/os-release; echo "$ID")/gpg > /tmp/dkey; apt-key add /tmp/dkey && \
    add-apt-repository \
    "deb [arch=amd64] https://download.docker.com/linux/$(. /etc/os-release; echo "$ID") \
    $(lsb_release -cs) \
    stable" && \
    apt-get update && \
    apt-get -y install docker-ce


# Compose
RUN curl -L "https://github.com/docker/compose/releases/download/1.22.0/docker-compose-$(uname -s)-$(uname -m)" -o /usr/local/bin/docker-compose && chmod +x /usr/local/bin/docker-compose



RUN usermod -aG docker jenkins
RUN usermod -aG root jenkins

USER jenkins

I faced a similar issue, which is a permission issue and the cause of this issue is because the Docker daemon/server always runs as the root user, and wants you to always preface the docker command with sudo.

Docker daemon binds to a Unix socket instead of a TCP port. By default that Unix socket is owned by the user root and other users can only access it using sudo.

To fix this, here's what worked for me:

Firstly, check if you have a docker group already created:

cat /etc/group

If you don't find docker in the list that is displayed, then you will need to create one:

sudo groupadd docker

Next, confirm your user and your group using the command below:

cat /etc/group

Scroll through to see the group for docker. It should be of this format

docker:x:140:promisepreston

where docker is my group and promisepreston is my user

Now we can add your user to the docker group

For Docker Container Files only:

Copy and run the command below in your terminal exactly how it is stated without modifying it in anyway, regardless of the docker image/container/command that you want to run or are trying to run or is casuing the permission issue:

sudo usermod -aG docker $USER

After running the command above, you will need to Log out and log back in so that your group membership is re-evaluated. However, on Linux, you can also run the following command below to activate the changes to groups (Copy and run the command below in your terminal exactly how it is stated without modifying it in anyway, regardless of the docker image/container/command that you want to run or are trying to run or is casuing the permission issue):

newgrp docker 

You can now verify that you can run docker commands without sudo permissions, by running the command that is causing the permissions issue again, say (Replace my-command with the name of your image/container/command):

docker run my-command

For Docker and Local filesystem files:

If you have a copy of the files on your local filesystem, then you can change the ownership of the application directory where the application files are stored, using this format:

sudo​​ ​ chown​​ ​ <your_user>:<your_group>​​ ​ -R​​ my-app-directory/

So in my case it will be:

sudo chown promisepreston:docker -R my-app-directory/

Note: Please run this command inside the parent directory housing the application directory.

That's all.

I hope this helps

While doing production config i got the permission issue.I tried below solution to resolve the issue.

Error Message

ubuntu@node1:~$ docker run hello-world
docker: Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Post http://%2Fvar%2Frun%2Fdocker.sock/v1.38/containers/create: dial unix /var/run/docker.sock: connect: permission denied.
See 'docker run --help'.

Solution: permissions of the socket indicated in the error message, /var/run/docker.sock:

ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw---- 1 root root 0 Oct 17 11:08 docker.sock
ubuntu@ip-172-31-21-106:/var/run$ sudo chmod 666 /var/run/docker.sock
ubuntu@ip-172-31-21-106:/var/run$ ls -lrth docker.sock
srw-rw-rw- 1 root root 0 Oct 17 11:08 docker.sock

After changes permission for docket.sock then execute below command to check permissions.

ubuntu@ip-172-31-21-106:/var/run$ docker run hello-world
Unable to find image 'hello-world:latest' locally
latest: Pulling from library/hello-world
1b930d010525: Pull complete
Digest: sha256:c3b4ada4687bbaa170745b3e4dd8ac3f194ca95b2d0518b417fb47e5879d9b5f
Status: Downloaded newer image for hello-world:latest

Hello from Docker!
This message shows that your installation appears to be working correctly.

To generate this message, Docker took the following steps:
 1. The Docker client contacted the Docker daemon.
 2. The Docker daemon pulled the "hello-world" image from the Docker Hub.
    (amd64)
 3. The Docker daemon created a new container from that image which runs the
    executable that produces the output you are currently reading.
 4. The Docker daemon streamed that output to the Docker client, which sent it
    to your terminal.

To try something more ambitious, you can run an Ubuntu container with:
 $ docker run -it ubuntu bash

Share images, automate workflows, and more with a free Docker ID:
 https://hub.docker.com/

For more examples and ideas, visit:
 https://docs.docker.com/get-started/

In my case, it was not only necessary add jenkins user to docker group, but make that group the primary group of the jenkins user.

# usermod -g docker jenkins
# usermod -a -G jenkins jenkins

Don't forget to reconnect the jenkins slave node or restart the jenkins server, depend on your case.