boxboat / fixuid

Go binary to change Docker container user/group and file permissions at runtime
MIT License

Group does not change (UID & GID from 1000 to 1001) #28

Closed Cyb10101 closed 3 years ago

Cyb10101 commented 4 years ago

I have created a user 1000 and a group 1000 in a Dockerfile. The Dockerfile is built and is ready to be downloaded.

If a host user with ID 1001 starts the Docker image, then the system files (/etc/passwd and /etc/group) must be adapted.

At the end, the files have to be changed by the user using chown.

This works fine for the user, but not for the group.

Dockerfile:

ENV APPLICATION_UID=1000 \
    APPLICATION_USER=application \
    APPLICATION_GID=1000 \
    APPLICATION_GROUP=application

RUN curl -SsL https://github.com/boxboat/fixuid/releases/download/v0.5/fixuid-0.5-linux-amd64.tar.gz | tar -C /usr/local/bin -xzf - && \
    chown root:root /usr/local/bin/fixuid && \
    chmod 4755 /usr/local/bin/fixuid && \
    mkdir -p /etc/fixuid && \
    printf "user: ${APPLICATION_USER}\ngroup: ${APPLICATION_GROUP}\n" > /etc/fixuid/config.yml && \
    printf "user: ${APPLICATION_USER}\ngroup: ${APPLICATION_GROUP}\npaths:\n - /home/${APPLICATION_USER}\n - /home/${APPLICATION_USER}/.composer/cache\n - /tmp\n" > /etc/fixuid/config.yml

Docker image start:

# APPLICATION_UID=1001
# APPLICATION_GID=1001

# Change group id from 1000 to 1001
if ! getent group ${APPLICATION_GID} >/dev/null 2>&1; then
    groupmod -g ${APPLICATION_GID} application
fi

# Change user id from 1000 to 1001
if ! getent passwd ${APPLICATION_UID} >/dev/null 2>&1; then
    usermod -u ${APPLICATION_UID} application
fi

# Fix uid
eval $( fixuid -q )

Hints:

$ cat /etc/fixuid/config.yml
user: application
group: application
paths:
 - /home/application
 - /home/application/.composer/cache
 - /tmp

$ ls -l /home/application
drwxr-xr-x 1 application        1000 .
# drwxr-xr-x 1 root        root        ..              (good)
-rw-r--r-- 1 application        1000 .bash_logout
-rw-r--r-- 1 application        1000 .bashrc
drwxr-xr-x 1 application        1000 .composer
#-rw-rw-r-- 1 application application .gitconfig       (good: mounted from 1001)
drwxr-xr-x 1 application        1000 .oh-my-zsh
-rw-r--r-- 1 application        1000 .profile
-rw-r--r-- 1 application        1000 .shell-methods.sh
#drwx------ 2 application application .ssh              (good: mounted from 1001)
-rw-r--r-- 1 application        1000 .vimrc
#-rw------- 1 application application .zsh_history      (good: new created after login)
-rw-r--r-- 1 application        1000 .zshrc

$ id
uid=1001(application) gid=1001(application) groups=1001(application),27(sudo)

$ grep 'application' /etc/passwd
application:x:1001:1001::/home/application:/bin/bash

$ grep 'application' /etc/group
#sudo:x:27:application (good: not necessary)
application:x:1001:

Test it to reproduce (for example in a virtual machine):

git clone https://github.com/Cyb10101/php-dev.git
cd php-dev
git checkout cyb-fixuid

printf "APPLICATION_UID=1001\nAPPLICATION_GID=1001" > .env
mkdir app
touch app/test.html

vim docker-compose.yml
docker network create global
docker-compose down --remove-orphans && docker-compose build && docker-compose up -d && docker-compose logs -f
# Wait for: web_1   | -> Executing /opt/docker/provision/entrypoint.d/00-cyb-set-user-and-group-id.sh

docker-compose exec web bash
ls -la /home/application

Add docker-compose.yml:

version: '3.5'

services:
  web:
    build: .
    user: ${APPLICATION_UID:-1000}:${APPLICATION_GID:-1000}
    volumes:
      - ./app:/app
      - /var/run/docker.sock:/var/run/docker.sock:ro

    environment:
      - APPLICATION_UID=${APPLICATION_UID:-1000}
      - APPLICATION_GID=${APPLICATION_GID:-1000}
    working_dir: /app

networks:
  default:
    external:
      name: global

caleblloyd commented 3 years ago

In your Docker image start, you should run fixuid first. Since you are running groupmod and usermod first, fixuid will run and see that the UID and GID are already correct, so it won't do anything.
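An added example, not code from the thread or from the fixuid project, that models the ordering problem described above on constructed /etc/passwd and /etc/group lines. It assumes fixuid decides to rewrite ids and chown the configured paths only when the configured user's/group's ids in those files differ from the uid/gid the process is actually running as; the usermod/groupmod helpers only simulate what those commands do to the text.

```shell
#!/bin/sh
# Constructed file contents for the image as built (user/group "application" = 1000).
PASSWD_BEFORE="application:x:1000:1000::/home/application:/bin/bash"
GROUP_BEFORE="application:x:1000:"

# Look up the uid/gid recorded for a name in passwd/group-style text ($1 name, $2 text).
passwd_uid() { printf '%s\n' "$2" | awk -F: -v u="$1" '$1==u {print $3}'; }
group_gid()  { printf '%s\n' "$2" | awk -F: -v g="$1" '$1==g {print $3}'; }

# Simulate "usermod -u NEW application" / "groupmod -g NEW application" on the text
# ($1 new id, $2 text); these do not touch file ownership, which is the user's complaint.
usermod_sim()  { printf '%s\n' "$2" | awk -F: -v OFS=: -v n="$1" '$1=="application" {$3=n} 1'; }
groupmod_sim() { printf '%s\n' "$2" | awk -F: -v OFS=: -v n="$1" '$1=="application" {$3=n} 1'; }

# Assumed fixuid decision rule: act only when the configured user/group ids in the
# files differ from the running uid/gid. Prints "fix" or "noop".
# $1 running uid, $2 running gid, $3 passwd text, $4 group text.
fixuid_decision() {
    if [ "$(passwd_uid application "$3")" = "$1" ] &&
       [ "$(group_gid application "$4")" = "$2" ]; then
        echo noop
    else
        echo fix
    fi
}

# Order used in the issue: usermod/groupmod first, then fixuid. By the time fixuid
# runs the ids already match, so it never chowns /home/application -> "noop".
issue_order() {
    p=$(usermod_sim 1001 "$PASSWD_BEFORE")
    g=$(groupmod_sim 1001 "$GROUP_BEFORE")
    fixuid_decision 1001 1001 "$p" "$g"
}

# Order suggested in the reply: fixuid first. It sees 1000 != 1001 for both user and
# group and therefore rewrites the ids and the ownership of the configured paths -> "fix".
suggested_order() {
    fixuid_decision 1001 1001 "$PASSWD_BEFORE" "$GROUP_BEFORE"
}

echo "usermod/groupmod then fixuid: $(issue_order)"
echo "fixuid first:                  $(suggested_order)"
```

Running it prints `noop` for the issue's ordering and `fix` for the suggested one, which is why the files under /home/application stayed at gid 1000 in the listing above.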

Cyb10101 commented 3 years ago

Hi, I tested it again. It does not fit together. Since I will not develop it further in the future, I will close the problem.