
fix docker gid #12130

Closed as not planned

@gfrankliu

Description
Those comments about the docker gid are incorrect. Docker hasn't changed GID generation. It is always:

    # make sure the "docker" system group exists for "docker.socket" to apply it as the group on "docker.sock"
    if ! getent group docker > /dev/null 2>&1; then
            addgroup --system docker
    fi

This means if we pre-create the docker group with the gid we want, the docker package installation will honor it. Otherwise it will create the docker group using the command addgroup --system docker, which means it will pick the next available system gid in the system gid range as defined in the /etc/adduser.conf file:

...
FIRST_SYSTEM_GID=100
LAST_SYSTEM_GID=999
...

Depending on how many system packages are already installed, the last available system gid could be different and non-predictable. If we want a predictable docker gid, we need to pre-create it, e.g. addgroup --system --gid 900 docker, before we install the docker package.

We can then add the "runner" user with the same gid, e.g. useradd -m -s /bin/bash -c runner -g docker --uid 1001 runner. This will make sure the runner user has access to /var/run/docker.sock.

Platforms affected

  • Azure DevOps
  • GitHub Actions - Standard Runners
  • GitHub Actions - Larger Runners

Runner images affected

  • Ubuntu 22.04
  • Ubuntu 24.04
  • macOS 13
  • macOS 13 Arm64
  • macOS 14
  • macOS 14 Arm64
  • macOS 15
  • macOS 15 Arm64
  • Windows Server 2019
  • Windows Server 2022
  • Windows Server 2025

Image version and build link

n/a

Is it regression?

no

Expected behavior

predictable gid

Actual behavior

non-predictable gid

Repro steps

N/A
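
An added example, not part of the issue and not code from the runner-images project: a post-build check that the docker gid was pinned as described above and that the runner user carries it as its primary group. The function name `check_docker_gid` and the fixture files are assumptions made for illustration; gid 900 and the runner user are the values used in the issue.

```bash
#!/usr/bin/env bash
# Added example: verify a pinned docker gid using group(5)/passwd(5) format files.
# check_docker_gid GROUP_FILE PASSWD_FILE ADDUSER_CONF EXPECTED_GID USER
# Prints one finding per line and returns 0 only when every check passes.
check_docker_gid() {
  local group_file="$1" passwd_file="$2" conf="$3" want="$4" user="$5"
  local gid first last owner user_gid rc=0

  # gid currently assigned to the "docker" group (3rd field of the group file).
  gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
  if [ -z "$gid" ]; then
    echo "FAIL: docker group missing, package install would create it with an unpinned gid"
    return 1
  fi
  [ "$gid" = "$want" ] || { echo "FAIL: docker gid is $gid, expected $want"; rc=1; }

  # System gid range from adduser.conf; skipped when the keys are absent or commented out.
  first=$(awk -F= '$1 == "FIRST_SYSTEM_GID" { print $2; exit }' "$conf")
  last=$(awk -F= '$1 == "LAST_SYSTEM_GID" { print $2; exit }' "$conf")
  if [ -n "$first" ] && [ -n "$last" ]; then
    if [ "$want" -lt "$first" ] || [ "$want" -gt "$last" ]; then
      echo "FAIL: pinned gid $want is outside system range $first-$last"; rc=1
    fi
  fi

  # No other group may already hold the pinned gid.
  owner=$(awk -F: -v g="$want" '$3 == g && $1 != "docker" { print $1; exit }' "$group_file")
  [ -z "$owner" ] || { echo "FAIL: gid $want is also used by group $owner"; rc=1; }

  # The user's primary gid (4th field of the passwd file) must match.
  user_gid=$(awk -F: -v u="$user" '$1 == u { print $4; exit }' "$passwd_file")
  [ "$user_gid" = "$want" ] || { echo "FAIL: $user primary gid is '$user_gid', expected $want"; rc=1; }

  if [ "$rc" -eq 0 ]; then echo "OK: docker gid $gid pinned, $user has it as primary group"; fi
  return "$rc"
}

# Constructed fixture (not taken from a real image): group, passwd, adduser.conf.
fx=$(mktemp -d)
printf 'root:x:0:\nsystemd-journal:x:101:\ndocker:x:900:\n' > "$fx/group"
printf 'root:x:0:0:root:/root:/bin/bash\nrunner:x:1001:900:runner:/home/runner:/bin/bash\n' > "$fx/passwd"
printf 'FIRST_SYSTEM_GID=100\nLAST_SYSTEM_GID=999\n' > "$fx/adduser.conf"
check_docker_gid "$fx/group" "$fx/passwd" "$fx/adduser.conf" 900 runner
```

On a built image the same function can be pointed at /etc/group, /etc/passwd and /etc/adduser.conf.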
