Basically docker group exists because it's a lot easier to get people to just add themselves to that group than to type 'sudo' over and over again. Sad but true.
It's not mandatory to use the docker group though. That's completely optional and you could definitely just 'sudo' whenever you do a 'docker' command. The docker _daemon_ needs to run as root because it needs to be able to do all kinds of privileged system calls to actually set up the containers. But if everyone who interacts with the docker daemon is a sudoer, that's not a problem.
Thanks for the reply. The docs say "only trusted users should be allowed to control your Docker daemon". Presumably this means that the Docker daemon can be coerced into doing all sorts of nasty stuff. Is that right? If so, doesn't that imply that it's badly written?
It's not mandatory to use the docker group though. That's completely optional and you could definitely just 'sudo' whenever you do a 'docker' command. The docker _daemon_ needs to run as root because it needs to be able to do all kinds of privileged system calls to actually set up the containers. But if everyone who interacts with the docker daemon is a sudoer, that's not a problem.