Add setup for using a non-root user

container-templates/docker-compose/.devcontainer/Dockerfile

@@ -14,6 +14,11 @@ FROM debian:9
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -25,6 +30,14 @@ RUN apt-get update \
     # * Add steps for installing needed dependencies here *
     # *****************************************************
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

container-templates/docker-compose/.devcontainer/docker-compose.yml

@@ -6,6 +6,9 @@
 version: '3'
 services:
   your-service-name-here:
+    # Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+    # user: 1000
+
     # Using a Dockerfile is optional, but included for completeness.
     build: 
       context: .

container-templates/dockerfile/.devcontainer/Dockerfile

@@ -9,6 +9,11 @@ FROM debian:9
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -20,6 +25,14 @@ RUN apt-get update \
     # * Add steps for installing needed dependencies here *
     # *****************************************************
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

container-templates/dockerfile/.devcontainer/devcontainer.json

@@ -11,7 +11,10 @@
 		// "-v","/var/run/docker.sock:/var/run/docker.sock",
 
 		// Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust
-		// "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined"
+		// "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined",
+
+		// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+		// "-u", "1000"
 	],
 
 	// Uncomment the next line if you want to publish any ports.

container-templates/image/.devcontainer/devcontainer.json

@@ -8,7 +8,10 @@
 	// The optional 'runArgs' property can be used to specify additional runtime arguments.
 	"runArgs": [
 		// Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust.
-		// "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined"
+		// "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined",
+
+		// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+		// "-u", "1000"
 	],
 
 	// Uncomment the next line if you want to publish any ports.

containers/azure-ansible/.devcontainer/Dockerfile

@@ -9,6 +9,11 @@ FROM debian:9
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -50,6 +55,14 @@ RUN apt-get update \
     && apt-get install -y libssl-dev libffi-dev python-dev python-pip \
     && pip install ansible[azure] \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-ansible/.devcontainer/devcontainer.json

@@ -5,6 +5,9 @@
 		// Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust.
 		// "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined",
 
+		// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+		// "-u", "1000",
+
 		"-v", "/var/run/docker.sock:/var/run/docker.sock"
 	],
 

containers/azure-blockchain/.devcontainer/Dockerfile

@@ -8,6 +8,11 @@ FROM python:2.7-stretch
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -32,6 +37,14 @@ RUN apt-get update \
     && apt-get update \
     && apt-get install -y azure-cli \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-blockchain/.devcontainer/devcontainer.json

@@ -11,6 +11,9 @@
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "az --version",
 
+	// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+	// "runArgs": [ "-u", "1000" ],
+
 	"extensions": [
 		"ms-vscode.azurecli",
 		"azblockchain.azure-blockchain"

containers/azure-cli/.devcontainer/Dockerfile

@@ -8,6 +8,11 @@ FROM debian:9
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -22,6 +27,14 @@ RUN apt-get update \
     && apt-get update \
     && apt-get install -y azure-cli \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-cli/.devcontainer/devcontainer.json

@@ -2,8 +2,14 @@
 	"name": "Azure CLI",
 	"dockerFile": "Dockerfile",
 
-	// Uncomment the next line if you will use a ptrace-based debugger like C++, Go, and Rust.
-	// "runArgs": [ "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined" ],
+	// The optional 'runArgs' property can be used to specify additional runtime arguments.
+	"runArgs": [
+		// Uncomment the line if you will use a ptrace-based debugger like C++, Go, and Rust.
+		// "--cap-add=SYS_PTRACE", "--security-opt", "seccomp=unconfined",
+
+		// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+		// "-u", "1000"
+	],
 
 	// Uncomment the next line if you want to publish any ports.
 	// "appPort": [],

containers/azure-functions-dotnetcore-2.1/.devcontainer/Dockerfile

@@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:2.1
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -28,6 +33,14 @@ RUN apt-get update \
     && apt-get update \
     && apt-get install -y azure-cli azure-functions-core-tools \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-functions-dotnetcore-2.1/.devcontainer/devcontainer.json

@@ -9,6 +9,9 @@
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "dotnet restore",
 
+	// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+	// "runArgs": [ "-u", "1000" ],
+
 	"extensions": [
 		"ms-azuretools.vscode-azurefunctions",
 		"ms-vscode.csharp"

containers/azure-functions-dotnetcore-latest/.devcontainer/Dockerfile

@@ -8,6 +8,11 @@ FROM mcr.microsoft.com/dotnet/core/sdk:latest
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -28,6 +33,14 @@ RUN apt-get update \
     && apt-get update \
     && apt-get install -y azure-cli azure-functions-core-tools \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-functions-dotnetcore-latest/.devcontainer/devcontainer.json

@@ -9,6 +9,9 @@
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "dotnet restore",
 
+	// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+	// "runArgs": [ "-u", "1000" ],
+
 	"extensions": [
 		"ms-azuretools.vscode-azurefunctions",
 		"ms-vscode.csharp"

containers/azure-functions-java-8/.devcontainer/Dockerfile

@@ -8,6 +8,11 @@ FROM maven:3-jdk-8
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# Or your actual UID, GID on Linux if not the default 1000
+ARG USERNAME=vscode
+ARG USER_UID=1000
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -31,6 +36,14 @@ RUN apt-get update \
     # Allow for a consistant java home location for settings - image is changing over time
     && if [ ! -d "/docker-java-home" ]; then ln -s "${JAVA_HOME}" /docker-java-home; fi \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && groupadd --gid $USER_GID $USERNAME \
+    && useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME \
+    # [Optional] Uncomment the next three lines to add sudo support
+    # && apt-get install -y sudo \
+    # && echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-functions-java-8/.devcontainer/devcontainer.json

@@ -9,6 +9,9 @@
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "java -version",
 
+	// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+	// "runArgs": [ "-u", "1000" ],
+
 	"extensions": [
 		"ms-azuretools.vscode-azurefunctions",
 		"vscjava.vscode-java-pack"

containers/azure-functions-node-8/.devcontainer/Dockerfile

@@ -8,6 +8,13 @@ FROM node:8
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# The node image comes with a base non-root 'node' user, so the alternate
+# user here is primarily for Linux scenarios where you need to match your local
+# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user.
+ARG USERNAME=vscode
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -31,6 +38,15 @@ RUN apt-get update \
     # Install eslint
     && npm install -g eslint \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \
+    && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \
+    # [Optional] Uncomment the next four lines to add sudo support
+    # && apt-get install -y sudo \
+    # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \
+    # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Clean up
     && apt-get autoremove -y \
     && apt-get clean -y \

containers/azure-functions-node-8/.devcontainer/devcontainer.json

@@ -9,6 +9,9 @@
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "npm install",
 
+	// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+	// "runArgs": [ "-u", "1000" ],
+
 	"extensions": [
 		"ms-azuretools.vscode-azurefunctions",
 		"dbaeumer.vscode-eslint"

containers/azure-functions-node-lts/.devcontainer/Dockerfile

@@ -8,6 +8,13 @@ FROM node:lts
 # Avoid warnings by switching to noninteractive
 ENV DEBIAN_FRONTEND=noninteractive
 
+# The node image comes with a base non-root 'node' user, so the alternate
+# user here is primarily for Linux scenarios where you need to match your local
+# user UID/GID. See https://aka.ms/vscode-remote/containers/non-root-user.
+ARG USERNAME=vscode
+ARG USER_UID=1001
+ARG USER_GID=$USER_UID
+
 # Configure apt and install packages
 RUN apt-get update \
     && apt-get -y install --no-install-recommends apt-utils dialog 2>&1 \
@@ -28,6 +35,15 @@ RUN apt-get update \
     && apt-get update \
     && apt-get install -y azure-cli dotnet-sdk-2.1 azure-functions-core-tools \
     #
+    # Create a non-root user to use if preferred - see https://aka.ms/vscode-remote/containers/non-root-user.
+    && if [ "$USER_GID" != "1000" ]; then groupadd --gid $USER_GID $USERNAME; fi \
+    && if [ "$USER_UID" != "1000" ]; then useradd -s /bin/bash --uid $USER_UID --gid $USER_GID -m $USERNAME; fi \
+    # [Optional] Uncomment the next four lines to add sudo support
+    # && apt-get install -y sudo \
+    # && if [ "$USER_UID" != "1000" ]; then echo $USERNAME ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/$USERNAME; fi \
+    # && echo node ALL=\(root\) NOPASSWD:ALL > /etc/sudoers.d/node \
+    # && chmod 0440 /etc/sudoers.d/$USERNAME \
+    #
     # Install eslint
     && npm install -g eslint \
     #

containers/azure-functions-node-lts/.devcontainer/devcontainer.json

@@ -9,6 +9,9 @@
 	// Uncomment the next line to run commands after the container is created.
 	// "postCreateCommand": "npm install",
 
+	// Uncomment the next line to use a non-root user. See https://aka.ms/vscode-remote/containers/non-root-user.
+	// "runArgs": [ "-u", "1000" ],
+
 	"extensions": [
 		"ms-azuretools.vscode-azurefunctions",
 		"dbaeumer.vscode-eslint"