Description
Those comments about docker gid are incorrect. Docker hasn't changed GID generation. It is always:
# make sure the "docker" system group exists for "docker.socket" to apply it as the group on "docker.sock"
if ! getent group docker > /dev/null 2>&1; then
addgroup --system docker
fi
This means if we pre-create the docker group with the gid we want, docker package installation will honor it. Otherwise it will create the docker group using the command addgroup --system docker, which means it will pick the next available system gid in the system gid range as defined in the /etc/adduser.conf file:
...
FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999
...
Depending on how many system packages are already installed, the last available system gid could be different and non-predictable. If we want a predictable docker gid, we need to pre-create it, e.g. addgroup --system --gid 900 docker, before we install the docker package.
We can then add the "runner" user with the same gid, e.g. useradd -m -s /bin/bash -c runner -g docker --uid 1001 runner. This will make sure the runner user has access to /var/run/docker.sock
Platforms affected
- Azure DevOps
- GitHub Actions - Standard Runners
- GitHub Actions - Larger Runners
Runner images affected
- Ubuntu 22.04
- Ubuntu 24.04
- macOS 13
- macOS 13 Arm64
- macOS 14
- macOS 14 Arm64
- macOS 15
- macOS 15 Arm64
- Windows Server 2019
- Windows Server 2022
- Windows Server 2025
Image version and build link
n/a
Is it regression?
no
Expected behavior
predictable gid
Actual behavior
non-predictable gid
Repro steps
N/A
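
Added example, not part of the original issue or the runner-images code: a pre-install check that reports whether a pinned docker GID (900 in the issue) is already in place, free to reserve, or in conflict, using the group file and the FIRST_SYSTEM_GID/LAST_SYSTEM_GID range described above. The function names, the status strings and the out-of-range policy are assumptions of this example, and the sample files are constructed.

```shell
#!/bin/sh
# Added example. File paths are parameters so the check runs on constructed data.

# system_gid_range CONF: print "FIRST LAST"; falls back to 100 999, the values
# quoted in the issue, when the keys are absent.
system_gid_range() {
    first=$(sed -n 's/^FIRST_SYSTEM_GID=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    last=$(sed -n 's/^LAST_SYSTEM_GID=\([0-9][0-9]*\).*/\1/p' "$1" | tail -n 1)
    echo "${first:-100} ${last:-999}"
}

# check_docker_gid GROUP_FILE CONF WANTED_GID
# Prints: pinned | mismatch:<gid> | taken:<group> | out-of-range | free
check_docker_gid() {
    group_file=$1; conf=$2; want=$3
    set -- $(system_gid_range "$conf")
    lo=$1; hi=$2
    current=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    owner=$(awk -F: -v g="$want" '$3 == g { print $1; exit }' "$group_file")
    if [ -n "$current" ]; then
        # Group already exists: the package's getent check will keep this GID.
        if [ "$current" = "$want" ]; then echo pinned; else echo "mismatch:$current"; fi
    elif [ -n "$owner" ]; then
        echo "taken:$owner"      # another group already holds the wanted GID
    elif [ "$want" -lt "$lo" ] || [ "$want" -gt "$hi" ]; then
        echo out-of-range        # policy of this example, not an adduser rule
    else
        echo free                # safe to run: addgroup --system --gid $want docker
    fi
}

# Constructed sample data (not taken from a real runner image).
tmp=$(mktemp -d)
printf 'FIRST_SYSTEM_GID=100\nLAST_SYSTEM_GID=999\n' > "$tmp/adduser.conf"
printf 'root:x:0:\nsystemd-journal:x:999:\nmessagebus:x:998:\n' > "$tmp/group"
check_docker_gid "$tmp/group" "$tmp/adduser.conf" 900
check_docker_gid "$tmp/group" "$tmp/adduser.conf" 998
```

On an image build, pass /etc/group and /etc/adduser.conf and fail the step on any result other than free or pinned.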