I create the user "ros" inside the docker and add it to the group "sudo", as shown in the docker script below.
FROM ubuntu:20.04
[...]
RUN useradd --create-home --shell /bin/bash -G sudo ros
[...]
However, adding the group never succeeds. I also tried "usermod -aG sudo ros" and the result is the same.
Here is the brief description of the environment I am using:
Host machine: ubuntu 20.04 on x64
Docker image: based on ubuntu 20.04
After restarting the docker container, I checked with the command "id" and it seems that the user is not added to the "sudo" group. I also checked /etc/group, but it shows the user "ros" is in the group "sudo".
Currently I am using "exec newgrp sudo" for my work. However, I also want to add the user to the group "dialout" and the same problem remains, so I need to know how I can add a user to a certain group in Docker.
Does anyone know what step I might be missing? Please notify me if I should provide any other information.
Edit:
Here are the /etc/group file and docker inspect output:
/etc/group file
root:x:0:
daemon:x:1:
bin:x:2:
sys:x:3:
adm:x:4:
tty:x:5:
disk:x:6:
lp:x:7:
mail:x:8:
news:x:9:
uucp:x:10:
man:x:12:
proxy:x:13:
kmem:x:15:
dialout:x:20:ros
fax:x:21:
voice:x:22:
cdrom:x:24:
floppy:x:25:
tape:x:26:
sudo:x:27:ros
audio:x:29:pulse
dip:x:30:
www-data:x:33:
backup:x:34:
operator:x:37:
list:x:38:
irc:x:39:
src:x:40:
gnats:x:41:
shadow:x:42:
utmp:x:43:
video:x:44:
sasl:x:45:
plugdev:x:46:
staff:x:50:
games:x:60:
users:x:100:
nogroup:x:65534:
systemd-timesync:x:101:
systemd-journal:x:102:
systemd-network:x:103:
systemd-resolve:x:104:
messagebus:x:105:
input:x:106:
kvm:x:107:
render:x:108:
bluetooth:x:109:
rdma:x:110:
rtkit:x:111:
ssh:x:112:
netdev:x:113:
lpadmin:x:114:
avahi:x:115:
scanner:x:116:saned
saned:x:117:
colord:x:118:
geoclue:x:119:
pulse:x:120:
pulse-access:x:121:
gdm:x:122:
ros:x:1000:
And docker inspect:
[
{
"Id": "d5d54dc25c439cd417bd661a3c97c62001f69abc1946a461c2c93911c493db28",
"Created": "2023-06-01T18:42:44.891896943Z",
"Path": "/bin/bash",
"Args": [],
"State": {
"Status": "exited",
"Running": false,
"Paused": false,
"Restarting": false,
"OOMKilled": false,
"Dead": false,
"Pid": 0,
"ExitCode": 0,
"Error": "",
"StartedAt": "2023-06-02T19:04:55.495093038Z",
"FinishedAt": "2023-06-02T20:58:27.280446972Z"
},
"Image": "sha256:d0e177ece3e530e3ef524973fa0da513c294d0ec5ca1ebd1f7d98bfede55921c",
"ResolvConfPath": "/var/lib/docker/containers/d5d54dc25c439cd417bd661a3c97c62001f69abc1946a461c2c93911c493db28/resolv.conf",
"HostnamePath": "/var/lib/docker/containers/d5d54dc25c439cd417bd661a3c97c62001f69abc1946a461c2c93911c493db28/hostname",
"HostsPath": "/var/lib/docker/containers/d5d54dc25c439cd417bd661a3c97c62001f69abc1946a461c2c93911c493db28/hosts",
"LogPath": "/var/lib/docker/containers/d5d54dc25c439cd417bd661a3c97c62001f69abc1946a461c2c93911c493db28/d5d54dc25c439cd417bd661a3c97c62001f69abc1946a461c2c93911c493db28-json.log",
"Name": "/ros_host_container",
"RestartCount": 0,
"Driver": "overlay2",
"Platform": "linux",
"MountLabel": "",
"ProcessLabel": "",
"AppArmorProfile": "unconfined",
"ExecIDs": null,
"HostConfig": {
"Binds": [
"/dev:/dev:rw",
"/tmp/.X11-unix:/tmp/.X11-unix:rw",
"/home/brad/Documents/ROS_Docker/ros_ws:/home/ros:rw"
],
"ContainerIDFile": "",
"LogConfig": {
"Type": "json-file",
"Config": {}
},
"NetworkMode": "host",
"PortBindings": {},
"RestartPolicy": {
"Name": "no",
"MaximumRetryCount": 0
},
"AutoRemove": false,
"VolumeDriver": "",
"VolumesFrom": null,
"ConsoleSize": [
53,
203
],
"CapAdd": null,
"CapDrop": null,
"CgroupnsMode": "host",
"Dns": [],
"DnsOptions": [],
"DnsSearch": [],
"ExtraHosts": [
"ros_host:127.0.1.1"
],
"GroupAdd": null,
"IpcMode": "private",
"Cgroup": "",
"Links": null,
"OomScoreAdj": 0,
"PidMode": "",
"Privileged": true,
"PublishAllPorts": false,
"ReadonlyRootfs": false,
"SecurityOpt": [
"label=disable"
],
"UTSMode": "",
"UsernsMode": "",
"ShmSize": 67108864,
"Runtime": "runc",
"Isolation": "",
"CpuShares": 0,
"Memory": 0,
"NanoCpus": 0,
"CgroupParent": "",
"BlkioWeight": 0,
"BlkioWeightDevice": [],
"BlkioDeviceReadBps": [],
"BlkioDeviceWriteBps": [],
"BlkioDeviceReadIOps": [],
"BlkioDeviceWriteIOps": [],
"CpuPeriod": 0,
"CpuQuota": 0,
"CpuRealtimePeriod": 0,
"CpuRealtimeRuntime": 0,
"CpusetCpus": "",
"CpusetMems": "",
"Devices": [],
"DeviceCgroupRules": null,
"DeviceRequests": null,
"MemoryReservation": 0,
"MemorySwap": 0,
"MemorySwappiness": null,
"OomKillDisable": false,
"PidsLimit": null,
"Ulimits": null,
"CpuCount": 0,
"CpuPercent": 0,
"IOMaximumIOps": 0,
"IOMaximumBandwidth": 0,
"MaskedPaths": null,
"ReadonlyPaths": null
},
"GraphDriver": {
"Data": {
"LowerDir": "/var/lib/docker/overlay2/84aac4a21d23a1eadc4b299b991ef5310fb76ca7838862c3fe96be04b48276e8-init/diff:/var/lib/docker/overlay2/ehi01rxf9psji3wdqh0ceh4l2/diff:/var/lib/docker/overlay2/hz354wg6wvqnnq4hkkim5i2he/diff:/var/lib/docker/overlay2/rkoxnsot1rjmkqzjznkne212u/diff:/var/lib/docker/overlay2/qhhufik40l2u3sbg3g3bekh7k/diff:/var/lib/docker/overlay2/wkawb3bz67kf5w2w3tb22pndy/diff:/var/lib/docker/overlay2/6c9pq3knt3htqduczp5e0zpaw/diff:/var/lib/docker/overlay2/cm18ircdncmc898dhsjujst6p/diff:/var/lib/docker/overlay2/xdpt9aurjd7zs3aj27gfu28qg/diff:/var/lib/docker/overlay2/z6763fohr2y46yava6mwkyvhz/diff:/var/lib/docker/overlay2/ataomfrks99j5voyt076yvjnx/diff:/var/lib/docker/overlay2/7c7prvcl9o2pb9zjbesxxen39/diff:/var/lib/docker/overlay2/cfm9k0u58fmokb51h4bozlkyy/diff:/var/lib/docker/overlay2/n3blum7x2af46pn2p1cckay42/diff:/var/lib/docker/overlay2/laar7nipcxj7f10mf56ugnspj/diff:/var/lib/docker/overlay2/6axou0lzc37eqh7weh3l1aonf/diff:/var/lib/docker/overlay2/yo24sspq5wmrcmt7opcjt9y05/diff:/var/lib/docker/overlay2/xrbl7tub5majkcunf3wdezuew/diff:/var/lib/docker/overlay2/pnlfdbqh47qzjy5y3gh10zd5v/diff:/var/lib/docker/overlay2/1c117fda1704d91763f47ee084b86d64658f24c0a7b1fdd998c068dae99147d3/diff",
"MergedDir": "/var/lib/docker/overlay2/84aac4a21d23a1eadc4b299b991ef5310fb76ca7838862c3fe96be04b48276e8/merged",
"UpperDir": "/var/lib/docker/overlay2/84aac4a21d23a1eadc4b299b991ef5310fb76ca7838862c3fe96be04b48276e8/diff",
"WorkDir": "/var/lib/docker/overlay2/84aac4a21d23a1eadc4b299b991ef5310fb76ca7838862c3fe96be04b48276e8/work"
},
"Name": "overlay2"
},
"Mounts": [
{
"Type": "bind",
"Source": "/dev",
"Destination": "/dev",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/home/brad/Documents/ROS_Docker/ros_ws",
"Destination": "/home/ros",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
},
{
"Type": "bind",
"Source": "/tmp/.X11-unix",
"Destination": "/tmp/.X11-unix",
"Mode": "rw",
"RW": true,
"Propagation": "rprivate"
}
],
"Config": {
"Hostname": "ros_host",
"Domainname": "",
"User": "1000:1000",
"AttachStdin": false,
"AttachStdout": false,
"AttachStderr": false,
"Tty": true,
"OpenStdin": true,
"StdinOnce": false,
"Env": [
"DISPLAY=:0",
"QT_X11_NO_MITSHM=1",
"PATH=/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin"
],
"Cmd": [
"/bin/bash"
],
"Image": "ros_host",
"Volumes": null,
"WorkingDir": "/home/ros",
"Entrypoint": null,
"OnBuild": null,
"Labels": {
"org.opencontainers.image.ref.name": "ubuntu",
"org.opencontainers.image.version": "20.04"
}
},
"NetworkSettings": {
"Bridge": "",
"SandboxID": "94f374ee1feaf9ffb30b46db69a2168116c2e775d2f98279302640c17e23b63b",
"HairpinMode": false,
"LinkLocalIPv6Address": "",
"LinkLocalIPv6PrefixLen": 0,
"Ports": {},
"SandboxKey": "/var/run/docker/netns/default",
"SecondaryIPAddresses": null,
"SecondaryIPv6Addresses": null,
"EndpointID": "",
"Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"MacAddress": "",
"Networks": {
"host": {
"IPAMConfig": null,
"Links": null,
"Aliases": null,
"NetworkID": "8bce69e66b65a905c2ecb6ff8e80ff482dc55f6a582e2d47f13c94383c6c4c3c",
"EndpointID": "",
"Gateway": "",
"IPAddress": "",
"IPPrefixLen": 0,
"IPv6Gateway": "",
"GlobalIPv6Address": "",
"GlobalIPv6PrefixLen": 0,
"MacAddress": "",
"DriverOpts": null
}
}
}
}
]
2 Answers
It looks like you set the user to 1000:1000. Secondary groups are not configured when you explicitly set the user and group. You should be running the container with only the user specified. If this container is started with docker run, that would mean using --user 1000 or --user ros. If the user is specified in the Dockerfile, you would have the line USER ros and then not set a user when starting the container (since it's defined in the image).
"User": "1000:1000",
When you do --user 1000:1000 you will only get 1000:1000. Use --user 1000 or --user ros – this will pull groups from /etc/groups. Or use --user 1000:1000 --group-add 27.
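
A small model of the behaviour both answers describe, added here as an illustration (not code from the answers or from Docker itself): it computes the uid, primary gid and supplementary gids a container process ends up with for a given --user value and optional --group-add. The passwd and group text is constructed from the entries shown in the question, and the function names are hypothetical.

```python
# Constructed sample data: the relevant entries from the question's image.
PASSWD = "root:x:0:0:root:/root:/bin/bash\nros:x:1000:1000::/home/ros:/bin/bash\n"
GROUP = "root:x:0:\ndialout:x:20:ros\nsudo:x:27:ros\nros:x:1000:\n"


def parse(text):
    """Split colon-separated passwd/group text into lists of fields."""
    return [ln.split(":") for ln in text.splitlines() if ln and not ln.startswith("#")]


def effective_ids(user_spec, group_add=(), passwd=PASSWD, group=GROUP):
    """Return (uid, gid, sorted supplementary gids) for a --user value."""
    users, groups = parse(passwd), parse(group)
    user, sep, grp = user_spec.partition(":")

    # Resolve the user part by name or numeric uid against /etc/passwd.
    entry = next((u for u in users if user in (u[0], u[2])), None)
    if entry is None and not user.isdigit():
        raise ValueError(f"unknown user {user!r}")
    name = entry[0] if entry else None
    uid = int(entry[2]) if entry else int(user)

    def gid_of(g):
        """Resolve a group name or numeric gid against /etc/group."""
        hit = next((r for r in groups if g in (r[0], r[2])), None)
        if hit is None and not g.isdigit():
            raise ValueError(f"unknown group {g!r}")
        return int(hit[2]) if hit else int(g)

    if sep:
        # "uid:gid" form: the group is explicit, /etc/group membership is ignored.
        gid, supplementary = gid_of(grp), set()
    else:
        # "uid" form: primary gid from /etc/passwd, memberships from /etc/group.
        # Assumption: a numeric uid with no passwd entry falls back to gid 0.
        gid = int(entry[3]) if entry else 0
        supplementary = {int(r[2]) for r in groups
                         if name and name in r[3].split(",")}

    # --group-add entries are appended in either form.
    supplementary |= {gid_of(str(g)) for g in group_add}
    return uid, gid, sorted(supplementary)


if __name__ == "__main__":
    for spec, extra in [("1000:1000", ()), ("ros", ()), ("1000:1000", (27,))]:
        print(spec, list(extra), effective_ids(spec, extra))
```

Comparing the result for the "User" value from docker inspect with what /etc/group lists for the account shows whether a missing group comes from the image or from how the container was started.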