Closed
Description
@gaocegege if envd can remapping UID and GID at runtime that will be great. I'm also agree with @Zheaoli that if UID/GID remapping is doable there should be an API or config option allowing user to modify it.
I've used VSCode Dev Container with some projects, and I found that they also need to fix this UID/GID issue. https://github.com/microsoft/vscode-dev-containers/blob/main/containers/python-3/.devcontainer/library-scripts/common-debian.sh#L182
As far as I understand it, they fix it in build time but not build from scratch. The base Dockerfile has several build args. The user firstly downloads the base image and re-builds it with new args e.g., NEW_UID, NEW_GID.
Here is the build log I captured from VSCode console:
[11184 ms] Start: Check Docker is running
[11184 ms] Start: Run in Host: docker version --format {{.Server.APIVersion}}
[11405 ms] Server API version: 1.41
[11408 ms] Start: Run in Host: docker volume ls -q
[11581 ms] Start: Run in Host: docker inspect --type container 016e7f0fda022020f0e1403ffb8c970ed625c157df31e85f46c4c69a950561ac
[11649 ms] Start: Run in Host: docker rm -f 016e7f0fda022020f0e1403ffb8c970ed625c157df31e85f46c4c69a950561ac
[12280 ms] Start: Run in Host: docker ps -q -a --filter label=vsch.local.folder=/home/aaron/tmp/devcontainer-test --filter label=vsch.quality=stable
[12346 ms] Start: Run in Host: docker ps -q -a --filter label=devcontainer.local_folder=/home/aaron/tmp/devcontainer-test
[12457 ms] Start: Run in Host: /home/aaron/.vscode-server/bin/30d9c6cd9483b2cc586687151bcbcd635f373630/node /home/aaron/.vscode-remote-containers/dist/dev-containers-cli-0.238.2/dist/spec-node/devContainersSpecCLI.js up --workspace-folder /home/aaron/tmp/devcontainer-test --workspace-mount-consistency cached --id-label devcontainer.local_folder=/home/aaron/tmp/devcontainer-test --log-level debug --log-format json --config /home/aaron/tmp/devcontainer-test/.devcontainer/devcontainer.json --default-user-env-probe loginInteractiveShell --mount type=volume,source=vscode,target=/vscode,external=true --skip-post-create --update-remote-user-uid-default on --mount-workspace-git-root true --terminal-columns 197 --terminal-rows 15
[13910 ms] remote-containers 0.238.2.
[13909 ms] Start: Run: docker buildx version
[14098 ms] Start: Resolving Remote
[14119 ms] Start: Run: git rev-parse --show-cdup
[14127 ms] Start: Run: docker ps -q -a --filter label=devcontainer.local_folder=/home/aaron/tmp/devcontainer-test
[14210 ms] Start: Run: docker buildx build --load --build-arg BUILDKIT_INLINE_CACHE=1 -f /home/aaron/tmp/devcontainer-test/.devcontainer/Dockerfile -t vsc-devcontainer-test-d1cfa43adb1ee586e5b9e4ff93f16944 --build-arg VARIANT=3.10-bullseye --build-arg NODE_VERSION=lts/* /home/aaron/tmp/devcontainer-test
[+] Building 0.5s (7/7) FINISHED
=> [internal] load build definition from Dockerfile 0.0s
=> => transferring dockerfile: 32B 0.0s
=> [internal] load .dockerignore 0.1s
=> => transferring context: 2B 0.1s
=> [internal] load metadata for mcr.microsoft.com/vscode/devcontainers/python:0-3.10-bullseye 0.3s
=> [1/2] FROM mcr.microsoft.com/vscode/devcontainers/python:0-3.10-bullseye@sha256:21a12816fcadaa16dabb4ba0e8c358361d02ea062b1b89db8786eb67173489d0 0.0s
=> CACHED [2/2] RUN if [ "lts/*" != "none" ]; then su vscode -c "umask 0002 && . /usr/local/share/nvm/nvm.sh && nvm install lts/* 2>&1"; fi 0.0s
=> exporting to image 0.0s
=> => exporting layers 0.0s
=> => writing image sha256:f5ca2cc4cd9b08f9d763be03a35e06542c6b58d1c8a6a7533fa7562c70a66124 0.0s
=> => naming to docker.io/library/vsc-devcontainer-test-d1cfa43adb1ee586e5b9e4ff93f16944 0.0s
=> exporting cache 0.0s
=> => preparing build cache for export 0.0s
[15279 ms] Start: Run: docker inspect --type image vsc-devcontainer-test-d1cfa43adb1ee586e5b9e4ff93f16944
[15342 ms] Start: Run: docker build -f /tmp/vsch/updateUID.Dockerfile-0.238.2 -t vsc-devcontainer-test-d1cfa43adb1ee586e5b9e4ff93f16944-uid --build-arg BASE_IMAGE=vsc-devcontainer-test-d1cfa43adb1ee586e5b9e4ff93f16944 --build-arg REMOTE_USER=vscode --build-arg NEW_UID=1042 --build-arg NEW_GID=1042 --build-arg IMAGE_USER=root /tmp/vsch
Sending build context to Docker daemon 5.12kB
Step 1/10 : ARG BASE_IMAGE
Step 2/10 : FROM $BASE_IMAGE
---> f5ca2cc4cd9b
Step 3/10 : USER root
---> Using cache
---> 874aed0bb282
Step 4/10 : ARG REMOTE_USER
---> Using cache
---> da9f4a3c90b4
Step 5/10 : ARG NEW_UID
---> Using cache
---> e4cd38d66757
Step 6/10 : ARG NEW_GID
---> Using cache
---> fbbcd0fcde1f
Step 7/10 : SHELL ["/bin/sh", "-c"]
---> Using cache
---> 1b67b44ac8b8
Step 8/10 : RUN eval $(sed -n "s/${REMOTE_USER}:[^:]*:\([^:]*\):\([^:]*\):[^:]*:\([^:]*\).*/OLD_UID=\1;OLD_GID=\2;HOME_FOLDER=\3/p" /etc/passwd); eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_UID}:.*/EXISTING_USER=\1/p" /etc/passwd); eval $(sed -n "s/\([^:]*\):[^:]*:${NEW_GID}:.*/EXISTING_GROUP=\1/p" /etc/group); if [ -z "$OLD_UID" ]; then echo "Remote user not found in /etc/passwd ($REMOTE_USER)."; elif [ "$OLD_UID" = "$NEW_UID" -a "$OLD_GID" = "$NEW_GID" ]; then echo "UIDs and GIDs are the same ($NEW_UID:$NEW_GID)."; elif [ "$OLD_UID" != "$NEW_UID" -a -n "$EXISTING_USER" ]; then echo "User with UID exists ($EXISTING_USER=$NEW_UID)."; elif [ "$OLD_GID" != "$NEW_GID" -a -n "$EXISTING_GROUP" ]; then echo "Group with GID exists ($EXISTING_GROUP=$NEW_GID)."; else echo "Updating UID:GID from $OLD_UID:$OLD_GID to $NEW_UID:$NEW_GID."; sed -i -e "s/\(${REMOTE_USER}:[^:]*:\)[^:]*:[^:]*/\1${NEW_UID}:${NEW_GID}/" /etc/passwd; if [ "$OLD_GID" != "$NEW_GID" ]; then sed -i -e "s/\([^:]*:[^:]*:\)${OLD_GID}:/\1${NEW_GID}:/" /etc/group; fi; chown -R $NEW_UID:$NEW_GID $HOME_FOLDER; fi;
---> Using cache
---> 141aa2bb60aa
Step 9/10 : ARG IMAGE_USER
---> Using cache
---> d7ed6a1029e5
Step 10/10 : USER $IMAGE_USER
---> Using cache
---> 7d85ff3a9f1d
Successfully built 7d85ff3a9f1d
Successfully tagged vsc-devcontainer-test-d1cfa43adb1ee586e5b9e4ff93f16944-uid:latestOriginally posted by @aaronzs in #370 (comment)