What is Docker
Docker is a container engine that packages an application and its dependencies into a portable image, then runs it in an isolated container. Unlike a virtual machine, a container shares the host's kernel: it starts in a few milliseconds and consumes few resources.
The tool comes in two families. On Linux, you install the Docker Engine, a dockerd daemon managed by systemd that runs natively. On macOS and Windows, you install Docker Desktop, an application that starts a lightweight Linux virtual machine to host the engine, because Linux containers do not run directly on these systems.
Client / server architecture
The docker command is a client that talks to the daemon through a Unix socket (/var/run/docker.sock on Linux) or a named pipe. The daemon builds images and manages volumes, networks, and the container lifecycle. Because the socket grants control equivalent to root, adding a user to the docker group is a convenience that amounts to granting them root privileges: reserve it for trusted accounts.
Compose
Docker Compose (docker compose, a built-in subcommand since v2) describes a multi-container application in a compose.yaml file. On Linux, it is provided by the docker-compose-plugin package; on macOS and Windows, it is included in Docker Desktop.