Dockerfile replicate the host user UID and GID to the image

docker permissions dockerfile
50,798

You can pass it as a build arg. Your Dockerfile can be static:

FROM ubuntu:xenial-20170214
ARG UNAME=testuser
ARG UID=1000
ARG GID=1000
RUN groupadd -g $GID -o $UNAME
RUN useradd -m -u $UID -g $GID -o -s /bin/bash $UNAME
USER $UNAME
CMD /bin/bash

Then you'd pass the options on your build command:

docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) \
  -f bb.dockerfile -t testimg .

Note that I've solved similar problems to this a different way, by running an entrypoint as root that looks a file/directory permissions of the host volume mount, and adjust the uid/gid of the users inside the container to match the volume uid/gid. After making that change, it drops access from the root user to the modified uid/gid user and runs the original command/entrypoint. The result is the image can be run unchanged on any developer machine. An example of this can be found in my jenkins-docker repo:

https://github.com/sudo-bmitch/jenkins-docker

Share:
50,798
minghua
Author by

minghua

user:362754 user:361948 'user,:,8873174

Updated on July 09, 2022

Comments

  • minghua
    minghua almost 2 years

    Similar to the SO post about replicating UID/GID in container from host but how do you build the image with a user with replicate UID and GID? Preferably, how do you do it with a dockerfile?

    I can do it with a bash script: 

    #!/bin/bash

# current uid and gid
curr_uid=`id -u`
curr_gid=`id -g`

# create bb.dockerfile:
cat << EOF1 > bb.dockerfile
 FROM ubuntu:xenial-20170214
 ARG UNAME=testuser
EOF1

 echo ARG UID=${curr_uid} >> bb.dockerfile
 echo ARG GID=${curr_gid} >> bb.dockerfile

cat << EOF2 >> bb.dockerfile
 RUN groupadd -g \$GID \$UNAME
 RUN useradd -m -u \$UID -g \$GID -s /bin/bash \$UNAME
 USER \$UNAME
 CMD /bin/bash
EOF2

docker build -f bb.dockerfile -t testimg .

    This bash will generate a docker file as the following and build on it. 

     FROM ubuntu:xenial-20170214
 ARG UNAME=testuser
 ARG UID=1982
 ARG GID=1982
 RUN groupadd -g $GID $UNAME
 RUN useradd -m -u $UID -g $GID -s /bin/bash $UNAME
 USER $UNAME
 CMD /bin/bash

    What I'm asking for, is to remove the hardcoded host UID 1982 and GID 1982 from the dockerfile.

  • Alexander Mills
    Alexander Mills about 6 years
    I don't understand, do the UID and GID args at the command line shadow/override the "static" Dockerfile entries?
  • minghua
    minghua about 6 years
    Inside my docker container ubuntu guest, gid 20 belongs to dialout. Usually your user account on the host should be assigned its own group id, not to reuse the 20. Do you get 20 if you run id -g? What do you get by id -u?
  • minghua
    minghua about 6 years
    Also created a docker file and script to run X over ssh: see superuser SO "Run JetPack TX2 Installer in a Docker Container".
  • Hakanai
    Hakanai over 5 years
    @AlexanderMills I'm guessing you're maybe running on macos where guid 20 = staff, but the guest is some linux where 20 = something else. This idea of passing the group ID and creating the group only seems to make sense if the group doesn't already exist, which would be the case on linux hosts, where conventionally your GID would be a group containing only yourself.
  • BMitch
    BMitch over 5 years
    @AlexanderMills yes, default values for docker args in the dockerfile get overridden by the build command. If the uid/gid already exist inside the container, you can add a -o option to allow non-unique id's.
  • harshavmb
    harshavmb almost 4 years
    clean answer & it solves lot of problems with docker. Especially while using jenkins to spin up docker..
  • Raketenolli
    Raketenolli over 3 years
    What if the gid changes from the system where the container is built to the one it is run on?
  • BMitch
    BMitch over 3 years
    @Raketenolli that's where the second option is more appropriate and the reason I created it.

Recents

Why Is PNG file with Drop Shadow in Flutter Web App Grainy?
How to troubleshoot crashes detected by Google Play Store for Flutter app
Cupertino DateTime picker interfering with scroll behaviour
Why does awk -F work for most letters, but not for the letter "t"?
Flutter change focus color and icon color but not works
How to print and connect to printer using flutter desktop via usb?
Critical issues have been reported with the following SDK versions: com.google.android.gms:play-services-safetynet:17.0.0
Flutter Dart - get localized country name from country code
navigatorState is null when using pushNamed Navigation onGenerateRoutes of GetMaterialPage
Android Sdk manager not found- Flutter doctor error
Flutter Laravel Push Notification without using any third party like(firebase,onesignal..etc)
How to change the color of ElevatedButton when entering text in TextField

Related

Error: "user" directive makes sense only if the master process runs with super-user privileges
Permission denied within mounted volume inside Docker/Podman container
How to change the owner of VOLUME directory in Dockerfile?
Specify "privileged" container mode in dockerfile?
Reloading code in a dockerized node.js app with docker-compose
How to resolve "Cannot retrieve .Id from docker" when building Docker image using Jenkins pipeline
Dockerfile: Is there any way to read variables from .env file
how to correctly use system user in docker container
\Dockerfile: The system cannot find the file specified
AWS credentials during Docker build process