I have an Ubuntu Server 16.04, with a service that needs this permission

$ sudo chmod 666 /var/run/docker.sock

Right now, every time the server is rebooted, it's necessary to open a ssh console, run that task and start the service manually.

I need to run that command before the services being started. What would be the most secure way to do it?

EDIT: The service's account already is member of the docker group.

To directly answer your question, just add the following content to a file called /etc/init/docker-chmod.conf to get your permissions set during boot.

start on startup
task
exec chmod 666 /var/run/docker.sock

But you should consider adding your, or a system user, to the docker-unix group to avoid workarounds like this which could be a big potential security threat.

The result of your chmod practically gives all local users read and write permissions to the docker-socket which allows anyone to interfere with your docker images.

Why not add the service user’s account to your docker group?

If you really must have a service using the Docker socket, use a privileged container. But try to avoid it entirely, if possible.