I created a Dockerfile that uses my current userid to run the application, so that the Docker container runs with the same permissions as my current user, since the container mounts the host's folder to perform its task.
I am not root on my host (local) system. To make my life easier, I also add the root and sudo groups to this account in the Docker image, so I can perform sudo tasks to install things.
Here is part of the Dockerfile:
(Ubuntu 18.04)
ARG USERNAME='test'
ARG UID=1000
ARG GID=1000
RUN apt-get update && apt-get install -yq openssh-server sudo
RUN groupadd -g $GID debuggroup
# Ubuntu has no 'wheel' group (useradd -G wheel fails); the supplementary groups used here are root and sudo
RUN useradd -rm -d /home/$USERNAME -s /bin/bash -u $UID -g $GID -G root,sudo $USERNAME
RUN echo $USERNAME:test | chpasswd
When I build the Docker image, I use
docker build --build-arg UID=$(id -u) --build-arg GID=$(id -g) --build-arg USERNAME=$(whoami) .
to pass on my username and userid,
and when I run the Docker image (to create the Docker container), I also use
docker run --detach -u $(id -u):$(id -g)
All is well up to this point. When I use 'docker exec -it xxx bash' to log in to this container, my username is correct (ben) and my userid is correct (10023). id -G
shows I am in 3 groups: 10001 (debuggroup), 0 (root), 27 (sudo).
10001 is my real group id if I run id -g on the host.
Here comes the change:
On the host, besides the 10001 group, I am also a member of groups 10022 and 10033, so I have permission to some specific folder. Now in the container, because the user is not in 10022 and 10033, I can't access this folder.
So I changed the docker run command to:
docker run --detach -u $(id -u):$(id -g) $(id -G | sed -e 's/\</--group-add /g')
It is actually working, and I am able to access my folder now.
id -G
shows I am in 3 groups: 10001 (debuggroup), 10022 (no name), 10033 (no name)
But:
I am no longer a member of sudo and root. The interesting thing is that cat /etc/group
shows that I am still in the sudo and root groups, but I don't have permission to sudo any more.
ben@a1559a984ac0:/$ grep ben /etc/group
root:x:0:ben
sudo:x:27:ben
ben@a1559a984ac0:/$ sudo ls
[sudo] password for ben:
ben is not in the sudoers file. This incident will be reported.
There are some StackExchange posts talking about the discrepancy between the groups, but I don't see a solution for this issue: my account is in /etc/group, but not in "groups" and "id -G". Why does the " --group-add " option of docker run
remove the existing groups I was in?
I guess I can hard code " --group-add 0 " to add myself to root, but this is still frustrating (not elegant). Any suggestion?
The Dockerfile is for Ubuntu 18.04, but I guess this is not version related.
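As an added example (not part of the original question), the following POSIX shell function builds the list of --group-add flags from the host's `id -G` output and appends any container-side groups that should be kept, since the post observes that passing --group-add drops the groups the image's /etc/group would otherwise have supplied (0 and 27 in the post). The sample host group list is constructed for the example; the gid values 0 and 27 are the ones the post reports. Duplicates are removed and the sed/`\<` word-boundary trick from the post is replaced with a plain loop, so it also works with non-GNU sed-less shells.

```shell
#!/bin/sh
# Added example, not code from the original post: assemble `--group-add`
# arguments for `docker run` from a space-separated gid list (the format
# `id -G` prints) plus extra gids/group names to keep in the container.

# group_add_args HOST_GIDS [EXTRA_GIDS...]
#   HOST_GIDS  : string as printed by `id -G`, e.g. "10001 10022 10033"
#   EXTRA_GIDS : further numeric gids or group names to keep (e.g. 0 27)
# Prints "--group-add A --group-add B ..." with duplicates removed.
group_add_args() {
    host_gids=$1
    shift
    seen=" "
    out=""
    for g in $host_gids "$@"; do
        case "$seen" in
            *" $g "*) continue ;;   # already emitted, skip the duplicate
        esac
        seen="$seen$g "
        out="$out --group-add $g"
    done
    printf '%s' "${out# }"         # drop the leading space
}

# Constructed sample input standing in for `id -G` on the host
# (note the deliberate duplicate 10001).
sample_host_gids="10001 10022 10033 10001"

# Real usage would be:
#   docker run --detach -u "$(id -u):$(id -g)" $(group_add_args "$(id -G)" 0 27) IMAGE
echo "$(group_add_args "$sample_host_gids" 0 27)"
```

Because the container shares the host's gid namespace here (no user namespace remapping), every gid in this list, including 0, applies equally to files on the bind-mounted host folder; keeping the list to the groups the task actually needs is the check worth making before adding 0 or 27 routinely.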