Files created inside container are owned by root:root instead of my user #49
Comments
|
Docker creates the files on the host side with the same owner/group id as inside the container. You could build the container to run with a different user that has the same numeric id as your local user. This needs more investigation to understand if we can do something in general. |
chrmarti
added
bug
|
Yeah, this is pretty obvious. However, I hope it is possible to do |
|
Appending the following to the Docker with UID and GUID replaced with the actual ones on the host side seems to work: RUN addgroup --gid 1000 devuser
RUN adduser --disabled-password --gecos "" --uid 1000 --gid 1000 devuser
ENV HOME /home/devuser
USER devuserNot sure if we have good hook to change a new file's owner after creating it. @bpasero ? |
|
@chrmarti you create the file through the |
|
@bpasero It would help if we could tell the remote extension host which UID/GID to use when creating new files. Not sure if that would be the best solution. The other approach would be to automatically create a user with the host user's UID/GID and run the remote extension host with that user. This might sometimes be unexpected, e.g., when |
|
@chrmarti this seems like a very specific thing for the remote server, maybe a config option would be better that can be set in the server on startup? I see no other real use case that would warrant new API for file system provider. |
|
I agree, could be a command line argument. /cc @alexandrudima |
|
I recommend looking into this, it can help solve the uid issues by passing your id/group into the container for it to use. It is typically used for docker containers, but perhaps it can somehow be used in this particular situation? |
|
@chrmarti At this point, there are a number of features coming in that are trying to resolve this issue. These include #46 and #1050 both of which are trying to get at the idea you can pass in the appropriate UID/GID into the container and create a user (by default it requires hand editing). I looked at making changes to the default templates in vscode-dev-containers, but repeatedly hit roadblocks in automation tricks as described in microsoft/vscode-dev-containers#108 Another I didn't mention, is that you can't use the postCreateCommand to generate the user. This is because you need to specify "-u" in runArgs in devcontainer.json, but the user won't exist yet - which results in an access denied error when trying to set up VS Code server. fixuid is a partial solution assuming a user exists in the container, but requires that a non-root user exist. Updating the default dev container templates will help, but not solve, that part of the problem. A better solution may be to simply generate a vscode user / group in the container that matches your local uid/gid when the container is initially built and run. We could then have a flag to disable that behavior if preferable. //cc: @kieferrm since I mentioned this to him today. |
|
We left this open since we have not implemented the dynamic UID/GID updating for Docker Compose yet. However, given support is already in for image and Dockerfile scenarios, I'm closing this in favor of a new, more specific issue: #2228. |
All the files and folders created while opened VSCode inside a container belong to root:root user.
I am not sure if it is issue of extension itself, but definitely makes the development harder.
Steps to Reproduce:
Does this issue occur when you try this locally?: Yes
Does this issue occur when you try this locally and all extensions are disabled?: Yes
The text was updated successfully, but these errors were encountered: