@@ -18,8 +18,9 @@ import (

 )

 const APIVERSION = 1.4

-const DEFAULTHTTPHOST string = "127.0.0.1"

-const DEFAULTHTTPPORT int = 4243

+const DEFAULTHTTPHOST = "127.0.0.1"

+const DEFAULTHTTPPORT = 4243

+const DEFAULTUNIXSOCKET = "/var/run/docker.sock"

 func hijackServer(w http.ResponseWriter) (io.ReadCloser, io.Writer, error) {

 	conn, _, err := w.(http.Hijacker).Hijack()

@@ -977,9 +978,8 @@ func ListenAndServe(proto, addr string, srv *Server, logging bool) error {

 	if e != nil {

 		return e

 	}

-	//as the daemon is launched as root, change to permission of the socket to allow non-root to connect

 	if proto == "unix" {

-		os.Chmod(addr, 0777)

+		os.Chmod(addr, 0700)

 	}

 	httpSrv := http.Server{Addr: addr, Handler: r}

 	return httpSrv.Serve(l)

@@ -33,7 +33,7 @@ func main() {

 	flGraphPath := flag.String("g", "/var/lib/docker", "Path to graph storage base dir.")

 	flEnableCors := flag.Bool("api-enable-cors", false, "Enable CORS requests in the remote api.")

 	flDns := flag.String("dns", "", "Set custom dns servers")

-	flHosts := docker.ListOpts{fmt.Sprintf("tcp://%s:%d", docker.DEFAULTHTTPHOST, docker.DEFAULTHTTPPORT)}

+	flHosts := docker.ListOpts{fmt.Sprintf("unix://%s", docker.DEFAULTUNIXSOCKET)}

 	flag.Var(&flHosts, "H", "tcp://host:port to bind/connect to or unix://path/to/socket to use")

 	flag.Parse()

 	if len(flHosts) > 1 {

@@ -15,7 +15,7 @@ Docker Remote API

 =====================

 - The Remote API is replacing rcli

-- Default port in the docker daemon is 4243

+- By default the Docker daemon listens on unix:///var/run/docker.sock and the client must have root access to interact with the daemon

 - The API tends to be REST, but for some complex commands, like attach

   or pull, the HTTP connection is hijacked to transport stdout stdin

   and stderr