Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

not root user in vscode remote container extension #126

Closed
kinghat opened this issue May 12, 2021 · 2 comments · Fixed by #128
Closed

not root user in vscode remote container extension #126

kinghat opened this issue May 12, 2021 · 2 comments · Fixed by #128

Comments

@kinghat
Copy link
Contributor

kinghat commented May 12, 2021
edited

i cant seem to get the remote container vs code extension to allow me to use the integrated terminal as the "deno" user that the image provides. it says this when the container is run:

image

# cat /etc/passwd
root:x:0:0:root:/root:/bin/ash
bin:x:1:1:bin:/bin:/sbin/nologin
daemon:x:2:2:daemon:/sbin:/sbin/nologin
...
guest:x:405:100:guest:/dev/null:/sbin/nologin
nobody:x:65534:65534:nobody:/:/sbin/nologin
deno:x:1993:1993:Linux User,,,:/home/deno:/sbin/nologin

Dockerfile:

FROM hayd/alpine-deno:1.9.2

RUN apk --update add python3 git smartmontools tzdata && \
    apk add snapraid --update-cache --repository http://dl-cdn.alpinelinux.org/alpine/edge/testing --allow-untrusted && \
    rm -rf /var/cache/apk/*

COPY .devcontainer/config/snapraid.conf /etc

EXPOSE 8080 

WORKDIR /app

USER deno

COPY deps.ts .
RUN deno cache deps.ts

ADD src ./src

RUN deno cache src/server.ts

devcontainer.json:

{
  "name": "snapraid-api",
  "dockerFile": "Dockerfile",
  "context": "..",
  "settings": {
    "terminal.integrated.defaultProfile.linux": "/bin/sh"
  },
  "extensions": ["denoland.vscode-deno"],
  "forwardPorts": [8080],
  "remoteUser": "deno"
}

i know that some of their example images have non root users, like node. commenting out USER deno in the image and "remoteUser": "deno" in the json config allows me to use the integrated terminal as root just fine. maybe someone familiar with the extension might spot what im doing wrong?

source of my .devcontainer directory: https://github.com/kinghat/snapraid-gui/tree/0dc7e54815d68ef2f9abd8934ede9fcaca404714/apps/api/.devcontainer

adding the shadow package and using chsh to change the shell of deno results in PAM auth error that might be related here: https://gitlab.alpinelinux.org/alpine/aports/-/issues/11025
@kinghat
Copy link
Contributor Author

kinghat commented May 13, 2021

so it looks like i was running into two issues:

  • deno is created as an system user -S
  • the assigned gid and uid were not mapping to my host and getting permission errors

i altered the base image to below to play nice with the remote container vscode extension:

RUN addgroup deno \
  && adduser --disabled-password deno --ingroup deno\
  && mkdir /deno-dir/ \
  && chown deno:deno /deno-dir/

i do still have a couple questions though. why are the uid/gid set to 1993 and why the -S system user flag? is it a security thing?

@hayd
Copy link
Contributor

hayd commented May 13, 2021

I thought the base image examples I had seen used system users... but maybe this is not the case?
e.g. https://github.com/nodejs/docker-node/blob/8b68fca7a5089bd8795ae85b55617314e966487b/16/alpine3.11/Dockerfile#L6

1993 is the year Jurassic Park was released 😳

Happy to take PR for alpine dockerfile to fix.

@kinghat kinghat mentioned this issue May 13, 2021
Merged
@hayd hayd closed this as completed in #128 May 13, 2021
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging a pull request may close this issue.

change to a standard, explicit user creation kinghat/deno-docker
2 participants
@hayd @kinghat