Merge pull request #1537 from metalivedev/1517-sudodocker

Fix #1517, #1521 by adding sudo to examples and installation.

docs/sources/commandline/cli.rst

@@ -13,7 +13,7 @@ Docker Usage
 To list available commands, either run ``docker`` with no parameters or execute
 ``docker help``::
 
-  $ docker
+  $ sudo docker
     Usage: docker [OPTIONS] COMMAND [arg...]
       -H=[tcp://127.0.0.1:4243]: tcp://host:port to bind/connect to or unix://path/to/socket to use
 

docs/sources/commandline/command/build.rst

@@ -21,32 +21,44 @@ Examples
 
 .. code-block:: bash
 
-    docker build .
+    sudo docker build .
 
-| This will read the Dockerfile from the current directory. It will also send any other files and directories found in the current directory to the docker daemon.
-| The contents of this directory would be used by ADD commands found within the Dockerfile.
-| This will send a lot of data to the docker daemon if the current directory contains a lot of data.
-| If the absolute path is provided instead of '.', only the files and directories required by the ADD commands from the Dockerfile will be added to the context and transferred to the docker daemon.
-|
+This will read the ``Dockerfile`` from the current directory. It will
+also send any other files and directories found in the current
+directory to the ``docker`` daemon.
+
+The contents of this directory would be used by ``ADD`` commands found
+within the ``Dockerfile``.  This will send a lot of data to the
+``docker`` daemon if the current directory contains a lot of data.  If
+the absolute path is provided instead of ``.`` then only the files and
+directories required by the ADD commands from the ``Dockerfile`` will be
+added to the context and transferred to the ``docker`` daemon.
 
 .. code-block:: bash
 
-   docker build -t vieux/apache:2.0 .
+   sudo docker build -t vieux/apache:2.0 .
 
-| This will build like the preview example, but it will then tag the resulting image, the repository name will be 'vieux/apache' and the tag will be '2.0'
+This will build like the previous example, but it will then tag the
+resulting image. The repository name will be ``vieux/apache`` and the
+tag will be ``2.0``
 
 
 .. code-block:: bash
 
-    docker build - < Dockerfile
+    sudo docker build - < Dockerfile
 
-| This will read a Dockerfile from Stdin without context. Due to the lack of a context, no contents of any local directory will be sent to the docker daemon.
-| ADD doesn't work when running in this mode due to the absence of the context, thus having no source files to copy to the container.
+This will read a ``Dockerfile`` from *stdin* without context. Due to
+the lack of a context, no contents of any local directory will be sent
+to the ``docker`` daemon.  ``ADD`` doesn't work when running in this
+mode because the absence of the context provides no source files to
+copy to the container.
 
 
 .. code-block:: bash
 
-    docker build github.com/creack/docker-firefox
+    sudo docker build github.com/creack/docker-firefox
 
-| This will clone the github repository and use it as context. The Dockerfile at the root of the repository is used as Dockerfile.
-| Note that you can specify an arbitrary git repository by using the 'git://' schema.
+This will clone the Github repository and use it as context. The
+``Dockerfile`` at the root of the repository is used as
+``Dockerfile``.  Note that you can specify an arbitrary git repository
+by using the ``git://`` schema.

docs/sources/commandline/command/commit.rst

@@ -14,7 +14,8 @@
 
       -m="": Commit message
       -author="": Author (eg. "John Hannibal Smith <hannibal@a-team.com>"
-      -run="": Config automatically applied when the image is run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
+      -run="": Config automatically applied when the image is
+       run. "+`(ex: {"Cmd": ["cat", "/world"], "PortSpecs": ["22"]}')
 
 Full -run example::
 

docs/sources/commandline/command/images.rst

@@ -21,6 +21,6 @@ Displaying images visually
 
 ::
 
-    docker images -viz | dot -Tpng -o docker.png
+    sudo docker images -viz | dot -Tpng -o docker.png
 
 .. image:: images/docker_images.gif

docs/sources/commandline/command/import.rst

@@ -12,10 +12,11 @@
 
     Create a new filesystem image from the contents of a tarball
 
-At this time, the URL must start with ``http`` and point to a single file archive
-(.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz)
-containing a root filesystem. If you would like to import from a local directory or archive,
-you can use the ``-`` parameter to take the data from standard in.
+At this time, the URL must start with ``http`` and point to a single
+file archive (.tar, .tar.gz, .tgz, .bzip, .tar.xz, .txz) containing a
+root filesystem. If you would like to import from a local directory or
+archive, you can use the ``-`` parameter to take the data from
+standard in.
 
 Examples
 --------
@@ -23,19 +24,21 @@ Examples
 Import from a remote location
 .............................
 
-``$ docker import http://example.com/exampleimage.tgz exampleimagerepo``
+``$ sudo docker import http://example.com/exampleimage.tgz exampleimagerepo``
 
 Import from a local file
 ........................
 
 Import to docker via pipe and standard in
 
-``$ cat exampleimage.tgz | docker import - exampleimagelocal``
+``$ cat exampleimage.tgz | sudo docker import - exampleimagelocal``
 
 Import from a local directory
 .............................
 
 ``$ sudo tar -c . | docker import - exampleimagedir``
 
-Note the ``sudo`` in this example -- you must preserve the ownership of the files (especially root ownership)
-during the archiving with tar. If you are not root (or sudo) when you tar, then the ownerships might not get preserved.
+Note the ``sudo`` in this example -- you must preserve the ownership
+of the files (especially root ownership) during the archiving with
+tar. If you are not root (or sudo) when you tar, then the ownerships
+might not get preserved.

docs/sources/commandline/command/run.rst

@@ -36,18 +36,29 @@ Examples
 
 .. code-block:: bash
 
-    docker run -cidfile /tmp/docker_test.cid ubuntu echo "test"
+    sudo docker run -cidfile /tmp/docker_test.cid ubuntu echo "test"
 
-| This will create a container and print "test" to the console. The cidfile flag makes docker attempt to create a new file and write the container ID to it. If the file exists already, docker will return an error. Docker will close this file when docker run exits.
+This will create a container and print "test" to the console. The
+``cidfile`` flag makes docker attempt to create a new file and write the
+container ID to it. If the file exists already, docker will return an
+error. Docker will close this file when docker run exits.
 
 .. code-block:: bash
 
    docker run mount -t tmpfs none /var/spool/squid
 
-| This will *not* work, because by default, most potentially dangerous kernel capabilities are dropped; including  ``cap_sys_admin`` (which is required to mount filesystems). However, the ``-privileged`` flag will allow it to run:
+This will *not* work, because by default, most potentially dangerous
+kernel capabilities are dropped; including ``cap_sys_admin`` (which is
+required to mount filesystems). However, the ``-privileged`` flag will
+allow it to run:
 
 .. code-block:: bash
 
    docker run -privileged mount -t tmpfs none /var/spool/squid
 
-| The ``-privileged`` flag gives *all* capabilities to the container, and it also lifts all the limitations enforced by the ``device`` cgroup controller. In other words, the container can then do almost everything that the host can do. This flag exists to allow special use-cases, like running Docker within Docker.
+The ``-privileged`` flag gives *all* capabilities to the container,
+and it also lifts all the limitations enforced by the ``device``
+cgroup controller. In other words, the container can then do almost
+everything that the host can do. This flag exists to allow special
+use-cases, like running Docker within Docker.
+

docs/sources/commandline/command/search.rst

@@ -10,5 +10,5 @@
 
     Usage: docker search TERM
 
-    Searches for the TERM parameter on the Docker index and prints out a list of repositories
-    that match.
+    Searches for the TERM parameter on the Docker index and prints out
+    a list of repositories that match.

docs/sources/contributing/devenvironment.rst

@@ -5,18 +5,23 @@
 Setting Up a Dev Environment
 ============================
 
-To make it easier to contribute to Docker, we provide a standard development environment. It is important that
-the same environment be used for all tests, builds and releases. The standard development environment defines
-all build dependencies: system libraries and binaries, go environment, go dependencies, etc.
+To make it easier to contribute to Docker, we provide a standard
+development environment. It is important that the same environment be
+used for all tests, builds and releases. The standard development
+environment defines all build dependencies: system libraries and
+binaries, go environment, go dependencies, etc.
 
 
 Step 1: install docker
 ----------------------
 
-Docker's build environment itself is a docker container, so the first step is to install docker on your system.
+Docker's build environment itself is a Docker container, so the first
+step is to install docker on your system.
 
-You can follow the `install instructions most relevant to your system <https://docs.docker.io/en/latest/installation/>`.
-Make sure you have a working, up-to-date docker installation, then continue to the next step.
+You can follow the `install instructions most relevant to your system
+<https://docs.docker.io/en/latest/installation/>`_.  Make sure you have
+a working, up-to-date docker installation, then continue to the next
+step.
 
 
 Step 2: check out the source
@@ -35,24 +40,24 @@ When you are ready to build docker, run this command:
 
 ::
 
-    docker build -t docker .
+    sudo docker build -t docker .
 
-This will build the revision currently checked out in the repository. Feel free to check out the version
-of your choice.
+This will build the revision currently checked out in the
+repository. Feel free to check out the version of your choice.
 
-If the build is successful, congratulations! You have produced a clean build of docker, neatly encapsulated
-in a standard build environment.
+If the build is successful, congratulations! You have produced a clean
+build of docker, neatly encapsulated in a standard build environment.
 
 You can run an interactive session in the newly built container:
 
 ::
 
-    docker run -i -t docker bash
+    sudo docker run -i -t docker bash
 
 
 To extract the binaries from the container:
 
 ::
 
-    docker run docker sh -c 'cat $(which docker)' > docker-build && chmod +x docker-build
+    sudo docker run docker sh -c 'cat $(which docker)' > docker-build && chmod +x docker-build
 

docs/sources/examples/couchdb_data_volumes.rst

@@ -9,27 +9,29 @@ CouchDB Service
 
 .. include:: example_header.inc
 
-Here's an example of using data volumes to share the same data between 2 couchdb containers.
-This could be used for hot upgrades, testing different versions of couchdb on the same data, etc.
+Here's an example of using data volumes to share the same data between
+2 CouchDB containers.  This could be used for hot upgrades, testing
+different versions of CouchDB on the same data, etc.
 
 Create first database
 ---------------------
 
-Note that we're marking /var/lib/couchdb as a data volume.
+Note that we're marking ``/var/lib/couchdb`` as a data volume.
 
 .. code-block:: bash
 
-    COUCH1=$(docker run -d -v /var/lib/couchdb shykes/couchdb:2013-05-03)
+    COUCH1=$(sudo docker run -d -v /var/lib/couchdb shykes/couchdb:2013-05-03)
 
 Add data to the first database
 ------------------------------
 
-We're assuming your docker host is reachable at `localhost`. If not, replace `localhost` with the public IP of your docker host.
+We're assuming your docker host is reachable at `localhost`. If not,
+replace `localhost` with the public IP of your docker host.
 
 .. code-block:: bash
 
     HOST=localhost
-    URL="http://$HOST:$(docker port $COUCH1 5984)/_utils/"
+    URL="http://$HOST:$(sudo docker port $COUCH1 5984)/_utils/"
     echo "Navigate to $URL in your browser, and use the couch interface to add data"
 
 Create second database
@@ -39,7 +41,7 @@ This time, we're requesting shared access to $COUCH1's volumes.
 
 .. code-block:: bash
 
-    COUCH2=$(docker run -d -volumes-from $COUCH1 shykes/couchdb:2013-05-03)
+    COUCH2=$(sudo docker run -d -volumes-from $COUCH1 shykes/couchdb:2013-05-03)
 
 Browse data on the second database
 ----------------------------------
@@ -47,7 +49,8 @@ Browse data on the second database
 .. code-block:: bash
 
     HOST=localhost
-    URL="http://$HOST:$(docker port $COUCH2 5984)/_utils/"
+    URL="http://$HOST:$(sudo docker port $COUCH2 5984)/_utils/"
     echo "Navigate to $URL in your browser. You should see the same data as in the first database"'!'
 
-Congratulations, you are running 2 Couchdb containers, completely isolated from each other *except* for their data.
+Congratulations, you are running 2 Couchdb containers, completely
+isolated from each other *except* for their data.

docs/sources/examples/hello_world.rst

@@ -11,26 +11,28 @@ Hello World
 
 This is the most basic example available for using Docker.
 
-Download the base container
+Download the base image (named "ubuntu"):
 
 .. code-block:: bash
 
     # Download an ubuntu image
-    docker pull ubuntu
+    sudo docker pull ubuntu
 
-The *base* image is a minimal *ubuntu* based container, alternatively you can select *busybox*, a bare
-minimal linux system. The images are retrieved from the docker repository.
+Alternatively to the *ubuntu* image, you can select *busybox*, a bare
+minimal Linux system. The images are retrieved from the Docker
+repository.
 
 
 .. code-block:: bash
 
     #run a simple echo command, that will echo hello world back to the console over standard out.
-    docker run base /bin/echo hello world
+    sudo docker run ubuntu /bin/echo hello world
 
 **Explanation:**
 
+- **"sudo"** execute the following commands as user *root* 
 - **"docker run"** run a command in a new container 
-- **"base"** is the image we want to run the command inside of.
+- **"ubuntu"** is the image we want to run the command inside of.
 - **"/bin/echo"** is the command we want to run in the container
 - **"hello world"** is the input for the echo command
 

docs/sources/examples/hello_world_daemon.rst

@@ -11,27 +11,35 @@ Hello World Daemon
 
 The most boring daemon ever written.
 
-This example assumes you have Docker installed and with the ubuntu image already imported ``docker pull ubuntu``.
-We will use the ubuntu image to run a simple hello world daemon that will just print hello world to standard
-out every second. It will continue to do this until we stop it.
+This example assumes you have Docker installed and with the Ubuntu
+image already imported ``docker pull ubuntu``.  We will use the Ubuntu
+image to run a simple hello world daemon that will just print hello
+world to standard out every second. It will continue to do this until
+we stop it.
 
 **Steps:**
 
 .. code-block:: bash
 
-    CONTAINER_ID=$(docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done")
+    CONTAINER_ID=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo hello world; sleep 1; done")
 
-We are going to run a simple hello world daemon in a new container made from the ubuntu image.
+We are going to run a simple hello world daemon in a new container
+made from the *ubuntu* image.
 
-- **"docker run -d "** run a command in a new container. We pass "-d" so it runs as a daemon.
+- **"docker run -d "** run a command in a new container. We pass "-d"
+  so it runs as a daemon.
 - **"ubuntu"** is the image we want to run the command inside of.
 - **"/bin/sh -c"** is the command we want to run in the container
-- **"while true; do echo hello world; sleep 1; done"** is the mini script we want to run, that will just print hello world once a second until we stop it.
-- **$CONTAINER_ID** the output of the run command will return a container id, we can use in future commands to see what is going on with this process.
+- **"while true; do echo hello world; sleep 1; done"** is the mini
+  script we want to run, that will just print hello world once a
+  second until we stop it.
+- **$CONTAINER_ID** the output of the run command will return a
+  container id, we can use in future commands to see what is going on
+  with this process.
 
 .. code-block:: bash
 
-    docker logs $CONTAINER_ID
+    sudo docker logs $CONTAINER_ID
 
 Check the logs make sure it is working correctly.
 
@@ -40,16 +48,17 @@ Check the logs make sure it is working correctly.
 
 .. code-block:: bash
 
-    docker attach $CONTAINER_ID
+    sudo docker attach $CONTAINER_ID
 
 Attach to the container to see the results in realtime.
 
-- **"docker attach**" This will allow us to attach to a background process to see what is going on.
+- **"docker attach**" This will allow us to attach to a background
+  process to see what is going on.
 - **$CONTAINER_ID** The Id of the container we want to attach too.
 
 .. code-block:: bash
 
-    docker ps
+    sudo docker ps
 
 Check the process list to make sure it is running.
 
@@ -57,7 +66,7 @@ Check the process list to make sure it is running.
 
 .. code-block:: bash
 
-    docker stop $CONTAINER_ID
+    sudo docker stop $CONTAINER_ID
 
 Stop the container, since we don't need it anymore.
 
@@ -66,7 +75,7 @@ Stop the container, since we don't need it anymore.
 
 .. code-block:: bash
 
-    docker ps
+    sudo docker ps
 
 Make sure it is really stopped.
 

docs/sources/examples/nodejs_web_app.rst

@@ -9,10 +9,11 @@ Node.js Web App
 
 .. include:: example_header.inc
 
-The goal of this example is to show you how you can build your own docker images
-from a parent image using a ``Dockerfile`` . We will do that by making a simple
-Node.js hello world web application running on CentOS. You can get the full
-source code at https://github.com/gasi/docker-node-hello.
+The goal of this example is to show you how you can build your own
+docker images from a parent image using a ``Dockerfile`` . We will do
+that by making a simple Node.js hello world web application running on
+CentOS. You can get the full source code at
+https://github.com/gasi/docker-node-hello.
 
 Create Node.js app
 ++++++++++++++++++
@@ -109,16 +110,17 @@ Install your app dependencies using npm:
     # Install app dependencies
     RUN cd /src; npm install
 
-Your app binds to port ``8080`` so you’ll use the ``EXPOSE`` command to have it
-mapped by the docker daemon:
+Your app binds to port ``8080`` so you’ll use the ``EXPOSE`` command
+to have it mapped by the docker daemon:
 
 .. code-block:: bash
 
     EXPOSE  8080
 
-Last but not least, define the command to run your app using ``CMD`` which
-defines your runtime, i.e. ``node``, and the path to our app, i.e.
-``src/index.js`` (see the step where we added the source to the container):
+Last but not least, define the command to run your app using ``CMD``
+which defines your runtime, i.e. ``node``, and the path to our app,
+i.e.  ``src/index.js`` (see the step where we added the source to the
+container):
 
 .. code-block:: bash
 
@@ -149,19 +151,20 @@ Your ``Dockerfile`` should now look like this:
 Building your image
 +++++++++++++++++++
 
-Go to the directory that has your ``Dockerfile`` and run the following command
-to build a docker image. The ``-t`` flag let’s you tag your image so it’s easier
-to find later using the ``docker images`` command:
+Go to the directory that has your ``Dockerfile`` and run the following
+command to build a docker image. The ``-t`` flag let’s you tag your
+image so it’s easier to find later using the ``docker images``
+command:
 
 .. code-block:: bash
 
-    docker build -t <your username>/centos-node-hello .
+    sudo docker build -t <your username>/centos-node-hello .
 
 Your image will now be listed by docker:
 
 .. code-block:: bash
 
-    docker images
+    sudo docker images
 
     > # Example
     > REPOSITORY                 TAG       ID              CREATED
@@ -177,17 +180,17 @@ container running in the background. Run the image you previously built:
 
 .. code-block:: bash
 
-    docker run -d <your username>/centos-node-hello
+    sudo docker run -d <your username>/centos-node-hello
 
 Print the output of your app:
 
 .. code-block:: bash
 
     # Get container ID
-    docker ps
+    sudo docker ps
 
     # Print app output
-    docker logs <container id>
+    sudo docker logs <container id>
 
     > # Example
     > Running on http://localhost:8080
@@ -225,8 +228,8 @@ Now you can call your app using ``curl`` (install if needed via:
     >
     > Hello World
 
-We hope this tutorial helped you get up and running with Node.js and CentOS on
-docker. You can get the full source code at
+We hope this tutorial helped you get up and running with Node.js and
+CentOS on docker. You can get the full source code at
 https://github.com/gasi/docker-node-hello.
 
 Continue to :ref:`running_redis_service`.

docs/sources/examples/postgresql_service.rst

@@ -31,7 +31,7 @@ Run an interactive shell in Docker container.
 
 .. code-block:: bash
 
-    docker run -i -t ubuntu /bin/bash
+    sudo docker run -i -t ubuntu /bin/bash
 
 Update its dependencies.
 
@@ -60,9 +60,9 @@ Finally, install PostgreSQL 9.2
 
     apt-get -y install postgresql-9.2 postgresql-client-9.2 postgresql-contrib-9.2
 
-Now, create a PostgreSQL superuser role that can create databases and other roles.
-Following Vagrant's convention the role will be named `docker` with `docker`
-password assigned to it.
+Now, create a PostgreSQL superuser role that can create databases and
+other roles.  Following Vagrant's convention the role will be named
+`docker` with `docker` password assigned to it.
 
 .. code-block:: bash
 
@@ -75,27 +75,27 @@ role.
 
     sudo -u postgres createdb -O docker docker
 
-Adjust PostgreSQL configuration so that remote connections to the database are
-possible. Make sure that inside ``/etc/postgresql/9.2/main/pg_hba.conf`` you have
-following line:
+Adjust PostgreSQL configuration so that remote connections to the
+database are possible. Make sure that inside
+``/etc/postgresql/9.2/main/pg_hba.conf`` you have following line:
 
 .. code-block:: bash
 
     host    all             all             0.0.0.0/0               md5
 
-Additionaly, inside ``/etc/postgresql/9.2/main/postgresql.conf`` uncomment
-``listen_address`` so it is as follows:
+Additionaly, inside ``/etc/postgresql/9.2/main/postgresql.conf``
+uncomment ``listen_address`` so it is as follows:
 
 .. code-block:: bash
 
     listen_address='*'
 
-*Note:* this PostgreSQL setup is for development only purposes. Refer to
-PostgreSQL documentation how to fine-tune these settings so that it is enough
-secure.
+*Note:* this PostgreSQL setup is for development only purposes. Refer
+to PostgreSQL documentation how to fine-tune these settings so that it
+is enough secure.
 
-Create an image and assign it a name. ``<container_id>`` is in the Bash prompt;
-you can also locate it using ``docker ps -a``.
+Create an image and assign it a name. ``<container_id>`` is in the
+Bash prompt; you can also locate it using ``docker ps -a``.
 
 .. code-block:: bash
 
@@ -105,7 +105,7 @@ Finally, run PostgreSQL server via ``docker``.
 
 .. code-block:: bash
 
-    CONTAINER=$(docker run -d -p 5432 \
+    CONTAINER=$(sudo docker run -d -p 5432 \
       -t <your username>/postgresql \
       /bin/su postgres -c '/usr/lib/postgresql/9.2/bin/postgres \
         -D /var/lib/postgresql/9.2/main \
@@ -115,7 +115,7 @@ Connect the PostgreSQL server using ``psql``.
 
 .. code-block:: bash
 
-    CONTAINER_IP=$(docker inspect $CONTAINER | grep IPAddress | awk '{ print $2 }' | tr -d ',"')
+    CONTAINER_IP=$(sudo docker inspect $CONTAINER | grep IPAddress | awk '{ print $2 }' | tr -d ',"')
     psql -h $CONTAINER_IP -p 5432 -d docker -U docker -W
 
 As before, create roles or databases if needed.
@@ -132,13 +132,13 @@ Additionally, publish there your newly created image on Docker Index.
 
 .. code-block:: bash
 
-    docker login
+    sudo docker login
     Username: <your username>
     [...]
 
 .. code-block:: bash
 
-    docker push <your username>/postgresql
+    sudo docker push <your username>/postgresql
 
 PostgreSQL service auto-launch
 ------------------------------
@@ -149,10 +149,10 @@ container starts.
 
 .. code-block:: bash
 
-    docker commit <container_id> <your username>/postgresql -run='{"Cmd": \
+    sudo docker commit <container_id> <your username>/postgresql -run='{"Cmd": \
       ["/bin/su", "postgres", "-c", "/usr/lib/postgresql/9.2/bin/postgres -D \
       /var/lib/postgresql/9.2/main -c \
       config_file=/etc/postgresql/9.2/main/postgresql.conf"], PortSpecs": ["5432"]}
 
-From now on, just type ``docker run <your username>/postgresql`` and PostgreSQL
-should automatically start.
+From now on, just type ``docker run <your username>/postgresql`` and
+PostgreSQL should automatically start.

docs/sources/examples/python_web_app.rst

@@ -9,13 +9,16 @@ Python Web App
 
 .. include:: example_header.inc
 
-The goal of this example is to show you how you can author your own docker images using a parent image, making changes to it, and then saving the results as a new image. We will do that by making a simple hello flask web application image.
+The goal of this example is to show you how you can author your own
+docker images using a parent image, making changes to it, and then
+saving the results as a new image. We will do that by making a simple
+hello flask web application image.
 
 **Steps:**
 
 .. code-block:: bash
 
-    docker pull shykes/pybuilder
+    sudo docker pull shykes/pybuilder
 
 We are downloading the "shykes/pybuilder" docker image
 
@@ -27,52 +30,66 @@ We set a URL variable that points to a tarball of a simple helloflask web app
 
 .. code-block:: bash
 
-    BUILD_JOB=$(docker run -d -t shykes/pybuilder:latest /usr/local/bin/buildapp $URL)
+    BUILD_JOB=$(sudo docker run -d -t shykes/pybuilder:latest /usr/local/bin/buildapp $URL)
 
-Inside of the "shykes/pybuilder" image there is a command called buildapp, we are running that command and passing the $URL variable from step 2 to it, and running the whole thing inside of a new container. BUILD_JOB will be set with the new container_id.
+Inside of the "shykes/pybuilder" image there is a command called
+buildapp, we are running that command and passing the $URL variable
+from step 2 to it, and running the whole thing inside of a new
+container. BUILD_JOB will be set with the new container_id.
 
 .. code-block:: bash
 
-    docker attach $BUILD_JOB
+    sudo docker attach $BUILD_JOB
     [...]
 
-While this container is running, we can attach to the new container to see what is going on. Ctrl-C to disconnect.
+While this container is running, we can attach to the new container to
+see what is going on. Ctrl-C to disconnect.
 
 .. code-block:: bash
 
-    docker ps -a
+    sudo docker ps -a
     
-List all docker containers. If this container has already finished running, it will still be listed here.
+List all docker containers. If this container has already finished
+running, it will still be listed here.
 
 .. code-block:: bash
 
-    BUILD_IMG=$(docker commit $BUILD_JOB _/builds/github.com/shykes/helloflask/master)
+    BUILD_IMG=$(sudo docker commit $BUILD_JOB _/builds/github.com/shykes/helloflask/master)
 
-Save the changes we just made in the container to a new image called "_/builds/github.com/hykes/helloflask/master" and save the image id in the BUILD_IMG variable name.
+Save the changes we just made in the container to a new image called
+``_/builds/github.com/hykes/helloflask/master`` and save the image id in
+the BUILD_IMG variable name.
 
 .. code-block:: bash
 
-    WEB_WORKER=$(docker run -d -p 5000 $BUILD_IMG /usr/local/bin/runapp)
+    WEB_WORKER=$(sudo docker run -d -p 5000 $BUILD_IMG /usr/local/bin/runapp)
 
-- **"docker run -d "** run a command in a new container. We pass "-d" so it runs as a daemon.
-- **"-p 5000"** the web app is going to listen on this port, so it must be mapped from the container to the host system.
+- **"docker run -d "** run a command in a new container. We pass "-d"
+  so it runs as a daemon.
+- **"-p 5000"** the web app is going to listen on this port, so it
+  must be mapped from the container to the host system.
 - **"$BUILD_IMG"** is the image we want to run the command inside of.
 - **/usr/local/bin/runapp** is the command which starts the web app.
 
-Use the new image we just created and create a new container with network port 5000, and return the container id and store in the WEB_WORKER variable.
+Use the new image we just created and create a new container with
+network port 5000, and return the container id and store in the
+WEB_WORKER variable.
 
 .. code-block:: bash
 
-    docker logs $WEB_WORKER
+    sudo docker logs $WEB_WORKER
      * Running on http://0.0.0.0:5000/
 
-View the logs for the new container using the WEB_WORKER variable, and if everything worked as planned you should see the line "Running on http://0.0.0.0:5000/" in the log output.
+View the logs for the new container using the WEB_WORKER variable, and
+if everything worked as planned you should see the line "Running on
+http://0.0.0.0:5000/" in the log output.
 
 .. code-block:: bash
 
     WEB_PORT=$(docker port $WEB_WORKER 5000)
 
-Look up the public-facing port which is NAT-ed. Find the private port used by the container and store it inside of the WEB_PORT variable.
+Look up the public-facing port which is NAT-ed. Find the private port
+used by the container and store it inside of the WEB_PORT variable.
 
 .. code-block:: bash
 
@@ -80,7 +97,8 @@ Look up the public-facing port which is NAT-ed. Find the private port used by th
     curl http://127.0.0.1:$WEB_PORT
       Hello world!
 
-Access the web app using curl. If everything worked as planned you should see the line "Hello world!" inside of your console.
+Access the web app using curl. If everything worked as planned you
+should see the line "Hello world!" inside of your console.
 
 **Video:**
 

docs/sources/examples/running_examples.rst

@@ -7,16 +7,17 @@
 Running the Examples
 --------------------
 
-All the examples assume your machine is running the docker daemon. To run the docker daemon in the background, simply type:
+All the examples assume your machine is running the docker daemon. To
+run the docker daemon in the background, simply type:
 
    .. code-block:: bash
 
       sudo docker -d &
 
-Now you can run docker in client mode: all commands will be forwarded to the docker daemon, so the client
-can run from any account.
+Now you can run docker in client mode: by defalt all commands will be
+forwarded to the ``docker`` daemon via a protected Unix socket, so you
+must run as root.
 
    .. code-block:: bash
 
-      # now you can run docker commands from any account.
-      docker help
+      sudo docker help

docs/sources/examples/running_redis_service.rst

@@ -16,12 +16,13 @@ Open a docker container
 
 .. code-block:: bash
 
-    docker run -i -t base /bin/bash
+    sudo docker run -i -t ubuntu /bin/bash
 
 Building your image
 -------------------
 
-Update your docker container, install the redis server.  Once installed, exit out of docker.
+Update your Docker container, install the Redis server.  Once
+installed, exit out of the Docker container.
 
 .. code-block:: bash
 
@@ -45,7 +46,7 @@ container running in the background. Use your snapshot.
 
 .. code-block:: bash
 
-    docker run -d -p 6379 <your username>/redis /usr/bin/redis-server
+    sudo docker run -d -p 6379 <your username>/redis /usr/bin/redis-server
 
 Test 1
 ++++++
@@ -54,8 +55,8 @@ Connect to the container with the redis-cli.
 
 .. code-block:: bash
 
-    docker ps  # grab the new container id
-    docker inspect <container_id>    # grab the ipaddress of the container
+    sudo docker ps  # grab the new container id
+    sudo docker inspect <container_id>    # grab the ipaddress of the container
     redis-cli -h <ipaddress> -p 6379
     redis 10.0.3.32:6379> set docker awesome
     OK
@@ -70,8 +71,8 @@ Connect to the host os with the redis-cli.
 
 .. code-block:: bash
 
-    docker ps  # grab the new container id
-    docker port <container_id> 6379  # grab the external port
+    sudo docker ps  # grab the new container id
+    sudo docker port <container_id> 6379  # grab the external port
     ip addr show   # grab the host ip address
     redis-cli -h <host ipaddress> -p <external port>
     redis 192.168.0.1:49153> set docker awesome

docs/sources/examples/running_ssh_service.rst

@@ -12,8 +12,16 @@ SSH Daemon Service
 
 **Video:**
 
-I've create a little screencast to show how to create a sshd service and connect to it. It is something like 11
-minutes and not entirely smooth, but gives you a good idea.
+I've create a little screencast to show how to create a sshd service
+and connect to it. It is something like 11 minutes and not entirely
+smooth, but gives you a good idea.
+
+.. note::
+   This screencast was created before ``docker`` version 0.5.2, so the
+   daemon is unprotected and available via a TCP port. When you run
+   through the same steps in a newer version of ``docker``, you will
+   need to add ``sudo`` in front of each ``docker`` command in order
+   to reach the daemon over its protected Unix socket.
 
 .. raw:: html
 
@@ -24,7 +32,7 @@ minutes and not entirely smooth, but gives you a good idea.
 You can also get this sshd container by using
 ::
 
-    docker pull dhrp/sshd
+    sudo docker pull dhrp/sshd
 
 
 The password is 'screencast'

docs/sources/installation/amazon.rst

@@ -90,7 +90,7 @@ Docker can now be installed on Amazon EC2 with a single vagrant command. Vagrant
 
    .. code-block:: bash
 
-      docker
+      sudo docker
 
 
 Continue with the :ref:`hello_world` example.

docs/sources/installation/binaries.rst

@@ -56,10 +56,10 @@ Run your first container!
 .. code-block:: bash
 
     # check your docker version
-    ./docker version
+    sudo ./docker version
 
     # run a container and open an interactive shell in the container
-    ./docker run -i -t ubuntu /bin/bash
+    sudo ./docker run -i -t ubuntu /bin/bash
 
 
 

docs/sources/installation/ubuntulinux.rst

@@ -76,7 +76,7 @@ Verify it worked
 .. code-block:: bash
 
    # download the base 'ubuntu' container and run bash inside it while setting up an interactive shell
-   docker run -i -t ubuntu /bin/bash
+   sudo docker run -i -t ubuntu /bin/bash
 
    # type 'exit' to exit
 
@@ -138,7 +138,7 @@ Verify it worked
 .. code-block:: bash
 
    # download the base 'ubuntu' container and run bash inside it while setting up an interactive shell
-   docker run -i -t ubuntu /bin/bash
+   sudo docker run -i -t ubuntu /bin/bash
 
    # type exit to exit
 

docs/sources/installation/vagrant.rst

@@ -63,7 +63,7 @@ Now you are in the VM, run docker
 
 .. code-block:: bash
 
-   docker
+   sudo docker
 
 
 Continue with the :ref:`hello_world` example.

docs/sources/use/basics.rst

@@ -9,11 +9,13 @@ The Basics
 Starting Docker
 ---------------
 
-If you have used one of the quick install paths', Docker may have been installed with upstart, Ubuntu's
-system for starting processes at boot time. You should be able to run ``docker help`` and get output.
+If you have used one of the quick install paths', Docker may have been
+installed with upstart, Ubuntu's system for starting processes at boot
+time. You should be able to run ``sudo docker help`` and get output.
 
-If you get ``docker: command not found`` or something like ``/var/lib/docker/repositories: permission denied``
-you will need to specify the path to it and manually start it.
+If you get ``docker: command not found`` or something like
+``/var/lib/docker/repositories: permission denied`` you will need to
+specify the path to it and manually start it.
 
 .. code-block:: bash
 
@@ -27,45 +29,73 @@ Running an interactive shell
 .. code-block:: bash
 
   # Download an ubuntu image
-  docker pull ubuntu
+  sudo docker pull ubuntu
 
   # Run an interactive shell in the ubuntu image,
   # allocate a tty, attach stdin and stdout
-  docker run -i -t ubuntu /bin/bash
+  sudo docker run -i -t ubuntu /bin/bash
 
-Bind Docker to another host/port or a unix socket
+Why ``sudo``?
+-------------
+
+The ``docker`` daemon always runs as root, and since ``docker``
+version 0.5.2, ``docker`` binds to a Unix socket instead of a TCP
+port. By default that Unix socket is owned by the user *root*, and so,
+by default, you can access it with ``sudo``. 
+
+Starting in version 0.5.3, if you create a Unix group called *docker*
+and add users to it, then the ``docker`` daemon will make the
+ownership of the Unix socket read/writable by the *docker* group when
+the daemon starts. The ``docker`` daemon must always run as root, but
+if you run the ``docker`` client as a user in the *docker* group then
+you don't need to add ``sudo`` to all the client commands.
+
+Bind Docker to another host/port or a Unix socket
 -------------------------------------------------
 
-With -H it is possible to make the Docker daemon to listen on a specific ip and port. By default, it will listen on 127.0.0.1:4243 to allow only local connections but you can set it to 0.0.0.0:4243 or a specific host ip to give access to everybody.
+.. DANGER:: Changing the default ``docker`` daemon binding to a TCP
+   port or Unix *docker* user group will increase your security risks
+   by allowing non-root users to potentially gain *root* access on the
+   host (`e.g. #1369
+   <https://github.com/dotcloud/docker/issues/1369>`_). Make sure you
+   control access to ``docker``.
 
-Similarly, the Docker client can use -H to connect to a custom port.
+With -H it is possible to make the Docker daemon to listen on a
+specific ip and port. By default, it will listen on
+``unix:///var/run/docker.sock`` to allow only local connections by the
+*root* user.  You *could* set it to 0.0.0.0:4243 or a specific host ip to
+give access to everybody, but that is **not recommended** because then
+it is trivial for someone to gain root access to the host where the
+daemon is running.
+
+Similarly, the Docker client can use ``-H`` to connect to a custom port.
+
+``-H`` accepts host and port assignment in the following format:
+``tcp://[host][:port]`` or ``unix://path``
 
--H accepts host and port assignment in the following format: tcp://[host][:port] or unix://path
 For example:
 
-* tcp://host -> tcp connection on host:4243
-* tcp://host:port -> tcp connection on host:port
-* tcp://:port -> tcp connection on 127.0.0.1:port
-* unix://path/to/socket -> unix socket located at path/to/socket
+* ``tcp://host:4243`` -> tcp connection on host:4243
+* ``unix://path/to/socket`` -> unix socket located at ``path/to/socket``
 
 .. code-block:: bash
 
    # Run docker in daemon mode
    sudo <path to>/docker -H 0.0.0.0:5555 -d &
    # Download an ubuntu image
-   docker -H :5555 pull ubuntu
+   sudo docker -H :5555 pull ubuntu
 
-You can use multiple -H, for example, if you want to listen
-on both tcp and a unix socket
+You can use multiple ``-H``, for example, if you want to listen on
+both TCP and a Unix socket
 
 .. code-block:: bash
 
    # Run docker in daemon mode
    sudo <path to>/docker -H tcp://127.0.0.1:4243 -H unix:///var/run/docker.sock -d &
-   # Download an ubuntu image
-   docker pull ubuntu
-   # OR
-   docker -H unix:///var/run/docker.sock pull ubuntu
+   # Download an ubuntu image, use default Unix socket
+   sudo docker pull ubuntu
+   # OR use the TCP port
+   sudo docker -H tcp://127.0.0.1:4243 pull ubuntu
 
 Starting a long-running worker process
 --------------------------------------
@@ -73,13 +103,13 @@ Starting a long-running worker process
 .. code-block:: bash
 
   # Start a very useful long-running process
-  JOB=$(docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")
+  JOB=$(sudo docker run -d ubuntu /bin/sh -c "while true; do echo Hello world; sleep 1; done")
 
   # Collect the output of the job so far
-  docker logs $JOB
+  sudo docker logs $JOB
 
   # Kill the job
-  docker kill $JOB
+  sudo docker kill $JOB
 
 
 Listing all running containers
@@ -87,7 +117,7 @@ Listing all running containers
 
 .. code-block:: bash
 
-  docker ps
+  sudo docker ps
 
 Expose a service on a TCP port
 ------------------------------
@@ -95,10 +125,10 @@ Expose a service on a TCP port
 .. code-block:: bash
 
   # Expose port 4444 of this container, and tell netcat to listen on it
-  JOB=$(docker run -d -p 4444 ubuntu /bin/nc -l -p 4444)
+  JOB=$(sudo docker run -d -p 4444 ubuntu /bin/nc -l -p 4444)
 
   # Which public port is NATed to my container?
-  PORT=$(docker port $JOB 4444)
+  PORT=$(sudo docker port $JOB 4444)
 
   # Connect to the public port via the host's public address
   # Please note that because of how routing works connecting to localhost or 127.0.0.1 $PORT will not work.
@@ -107,7 +137,7 @@ Expose a service on a TCP port
   echo hello world | nc $IP $PORT
 
   # Verify that the network connection worked
-  echo "Daemon received: $(docker logs $JOB)"
+  echo "Daemon received: $(sudo docker logs $JOB)"
 
 
 Committing (saving) a container state
@@ -115,21 +145,23 @@ Committing (saving) a container state
 
 Save your containers state to a container image, so the state can be re-used.
 
-When you commit your container only the differences between the image the container was created from
-and the current state of the container will be stored (as a diff). See which images you already have
-using ``docker images``
+When you commit your container only the differences between the image
+the container was created from and the current state of the container
+will be stored (as a diff). See which images you already have using
+``sudo docker images``
 
 .. code-block:: bash
 
     # Commit your container to a new named image
-    docker commit <container_id> <some_name>
+    sudo docker commit <container_id> <some_name>
 
     # List your containers
-    docker images
+    sudo docker images
 
 You now have a image state from which you can create new instances.
 
 
 
-Read more about :ref:`working_with_the_repository` or continue to the complete :ref:`cli`
+Read more about :ref:`working_with_the_repository` or continue to the
+complete :ref:`cli`
 

docs/sources/use/builder.rst

@@ -25,12 +25,12 @@ describe the steps to assemble the image.
 Then call ``docker build`` with the path of your source repository as
 argument:
 
-    ``docker build .``
+    ``sudo docker build .``
 
 You can specify a repository and tag at which to save the new image if the
 build succeeds:
 
-    ``docker build -t shykes/myapp .``
+    ``sudo docker build -t shykes/myapp .``
 
 Docker will run your steps one-by-one, committing the result if necessary,
 before finally outputting the ID of your new image.

docs/sources/use/port_redirection.rst

@@ -6,20 +6,23 @@
 Port redirection
 ================
 
-Docker can redirect public tcp ports to your container, so it can be reached over the network.
-Port redirection is done on ``docker run`` using the -p flag.
+Docker can redirect public TCP ports to your container, so it can be
+reached over the network.  Port redirection is done on ``docker run``
+using the -p flag.
 
-A port redirect is specified as PUBLIC:PRIVATE, where tcp port PUBLIC will be redirected to
-tcp port PRIVATE. As a special case, the public port can be omitted, in which case a random
-public port will be allocated.
+A port redirect is specified as *PUBLIC:PRIVATE*, where TCP port
+*PUBLIC* will be redirected to TCP port *PRIVATE*. As a special case,
+the public port can be omitted, in which case a random public port
+will be allocated.
 
 .. code-block:: bash
 
     # A random PUBLIC port is redirected to PRIVATE port 80 on the container
-    docker run -p 80 <image> <cmd>
+    sudo docker run -p 80 <image> <cmd>
 
     # PUBLIC port 80 is redirected to PRIVATE port 80
-    docker run -p 80:80 <image> <cmd>
+    sudo docker run -p 80:80 <image> <cmd>
 
 
-Default port redirects can be built into a container with the EXPOSE build command.
+Default port redirects can be built into a container with the
+``EXPOSE`` build command.

docs/sources/use/puppet.rst

@@ -9,28 +9,32 @@ Using Puppet
 
 .. note::
 
-   Please note this is a community contributed installation path. The only 'official' installation is using the
-   :ref:`ubuntu_linux` installation path. This version may sometimes be out of date.
+   Please note this is a community contributed installation path. The
+   only 'official' installation is using the :ref:`ubuntu_linux`
+   installation path. This version may sometimes be out of date.
 
 Requirements
 ------------
 
-To use this guide you'll need a working installation of Puppet from `Puppetlabs <https://www.puppetlabs.com>`_ .
+To use this guide you'll need a working installation of Puppet from
+`Puppetlabs <https://www.puppetlabs.com>`_ .
 
 The module also currently uses the official PPA so only works with Ubuntu.
 
 Installation
 ------------
 
-The module is available on the `Puppet Forge <https://forge.puppetlabs.com/garethr/docker/>`_
-and can be installed using the built-in module tool.
+The module is available on the `Puppet Forge
+<https://forge.puppetlabs.com/garethr/docker/>`_ and can be installed
+using the built-in module tool.
 
 .. code-block:: bash
 
    puppet module install garethr/docker
 
-It can also be found on `GitHub <https://www.github.com/garethr/garethr-docker>`_ 
-if you would rather download the source.
+It can also be found on `GitHub
+<https://www.github.com/garethr/garethr-docker>`_ if you would rather
+download the source.
 
 Usage
 -----

docs/sources/use/workingwithrepository.rst

@@ -57,10 +57,10 @@ address of the registry's host, like this:
     # Tag to create a repository with the full registry location.
     # The location (e.g. localhost.localdomain:5000) becomes
     # a permanent part of the repository name
-    docker tag 0u812deadbeef localhost.localdomain:5000/repo_name
+    sudo docker tag 0u812deadbeef localhost.localdomain:5000/repo_name
 
     # Push the new repository to its home location on localhost
-    docker push localhost.localdomain:5000/repo_name
+    sudo docker push localhost.localdomain:5000/repo_name
 
 Once a repository has your registry's host name as part of the tag,
 you can push and pull it like any other repository, but it will
@@ -75,14 +75,14 @@ Search by name, namespace or description
 
 .. code-block:: bash
 
-    docker search <value>
+    sudo docker search <value>
 
 
 Download them simply by their name
 
 .. code-block:: bash
 
-    docker pull <value>
+    sudo docker pull <value>
 
 
 Very similarly you can search for and browse the index online on
@@ -96,7 +96,7 @@ You can create a user on the central Docker Index online, or by running
 
 .. code-block:: bash
 
-    docker login
+    sudo docker login
 
 This will prompt you for a username, which will become a public
 namespace for your public repositories.
@@ -115,7 +115,7 @@ your container to an image within your username namespace.
 .. code-block:: bash
 
     # for example docker commit $CONTAINER_ID dhrp/kickassapp
-    docker commit <container_id> <username>/<repo_name>
+    sudo docker commit <container_id> <username>/<repo_name>
 
 
 Pushing a container to its repository
@@ -129,4 +129,4 @@ Now you can commit this image to the repository
 .. code-block:: bash
 
     # for example docker push dhrp/kickassapp
-    docker push <username>/<repo_name>
+    sudo docker push <username>/<repo_name>