Skip to main content
If you want to undo the host system configuration changes made during the Raylib Container setup, follow the procedures below.

Overview

During the initial setup, you made two main changes to your host system:
  1. Granted Docker containers access to your display server with xhost
  2. Added your user to the docker group to run Docker without sudo
This guide shows you how to revert both changes completely.

Revoking Display Access

1

Revoke xhost Permissions

Remove Docker’s access to your display server:
xhost -local:docker
This immediately revokes the permission granted by xhost +local:docker.
2

Remove from Startup Scripts

If you added xhost +local:docker to any startup scripts, remove those lines:
# Remove this line from ~/.profile:
xhost +local:docker
3

Verify Revocation

You can verify the change by listing current xhost permissions:
xhost
Docker should no longer appear in the access control list.
After revoking display access, containers will no longer be able to open graphical windows on your display.

Removing User from Docker Group

1

Remove Group Membership

Remove your user from the docker group:
sudo gpasswd -d $USER docker
This command removes the current user from the docker group.
2

Log Out and Back In

For the change to take effect, you must log out and log back in, or reboot the system:
# On most systems:
gnome-session-quit
# Or use your desktop environment's logout command
3

Verify Removal

After logging back in, verify you’re no longer in the docker group:
groups | grep docker
The command should return nothing if you were successfully removed.
4

Test Docker Access

Confirm that Docker now requires sudo:
docker ps
You should see a permission denied error. This confirms the group removal worked.
Remember to log out/log in or reboot after removing your user from the docker group. The change will not take effect until you do.

Docker Socket Permission Restoration

CRITICAL SECURITY WARNING: Never change the Docker socket permissions to 666! This is a severe security risk.
The correct and secure way to run Docker without sudo is to add your user to the docker group, not to change socket permissions.

If You Accidentally Changed Socket Permissions

If you previously and incorrectly changed the Docker socket permissions, restore the defaults:
1

Restore Default Permissions

The default permissions are usually 660 with owner root and group docker:
sudo chmod 660 /var/run/docker.sock
sudo chown root:docker /var/run/docker.sock
Only run these commands if you incorrectly changed permissions before.
2

Verify Permissions

Check that permissions are correctly set:
ls -l /var/run/docker.sock
Expected output:
srw-rw---- 1 root docker 0 <date> /var/run/docker.sock
  • srw-rw---- means permissions are 660 (read/write for owner and group only)
  • Owner: root
  • Group: docker
3

Restart Docker (If Needed)

If you’re experiencing issues after restoring permissions, restart Docker:
sudo systemctl restart docker

Why chmod 666 is Dangerous

What chmod 666 does:
  • Gives read and write permissions to everyone (owner, group, and all other users)
  • Allows any user on the system to control Docker
  • Effectively grants root access to all users
Security implications:
  • Any user can run containers with root privileges
  • Attackers with limited access can escalate to root
  • Malicious processes can access Docker without authorization
The correct approach:
  • Use chmod 660 (default): Only root and docker group members can access
  • Add trusted users to the docker group: Controlled access management
  • Log out/log in for group changes to take effect: Proper security boundaries

Complete Cleanup Procedure

To fully revert all changes and restore your system to its pre-container state:
1

Revoke Display Access

xhost -local:docker
2

Remove Docker Group Membership

sudo gpasswd -d $USER docker
3

Restore Socket Permissions (If Changed)

sudo chmod 660 /var/run/docker.sock
sudo chown root:docker /var/run/docker.sock
4

Clean Startup Scripts

Remove any xhost +local:docker lines from:
  • ~/.profile
  • ~/.xinitrc
  • ~/.xprofile
  • ~/.bash_profile
  • Any other shell or session startup files
5

Remove Container and Images (Optional)

If you want to completely remove Docker artifacts:
# Remove all stopped containers
docker container prune -a
These commands will delete Docker containers and images. Make sure you don’t need them before proceeding.
6

Log Out and Log Back In

Log out and log back in (or reboot) for all changes to take effect:
# Log out using your desktop environment, or:
sudo reboot

Verification

After completing the cleanup, verify all changes were reverted:
1

Check Group Membership

groups | grep docker
Should return nothing.
2

Check Docker Access

docker ps
Should show a permission denied error.
3

Check xhost Access

xhost
Should not list Docker in the access control list.
4

Check Socket Permissions

ls -l /var/run/docker.sock
Should show srw-rw---- 1 root docker.
If you want to use the Raylib Container again in the future, you’ll need to repeat the prerequisites setup from the Getting Started guide.

Build docs developers (and LLMs) love

Get started for freeTalk to us