search

microsoft / vscode-remote-release

Visual Studio Code Remote Development: Open any folder in WSL, in a Docker container, or on a remote machine using SSH and take advantage of VS Code's full feature set.
https://aka.ms/vscode-remote
Other
3.64k stars 285 forks source link

wrong user permission in devcontainer when using docker-compose and remoteUser #9641

Open jdratlif opened 7 months ago

jdratlif commented 7 months ago

Steps to Reproduce:

  1. Clone https://github.com/jdratlif/devcontainer-test
  2. Open backend devcontainer
  3. Open terminal and run ls -l.
  4. Files should be owned by docker user.
  5. Open frontend devcontainer
  6. Open terminal and run ls -l.
  7. Files will be owned by whatever UID cloned the git repo locally. Depends on the system. If your local user ID is 1000, this problem will be masked because the inside and outside docker UIDs are the same.

I expected that the files in both containers would be owned by the docker user. I am the docker user in both containers, but the UIDs are not being fixed.

Here is a two minute video demonstrating the entire problem on a fresh Linux Mint 21.3 VM. New docker and VS code install. Local user pve added to docker group. Only extension is devcontainers. Everything is current as of 2024-03-06.

https://technoplaza.net/temp/devcontainer-issue-20240306.mp4

My firefox couldn't play the h265 video captured by OBS, but chrome and smplayer worked.

Does this issue occur when you try this locally?: Yes Does this issue occur when you try this locally and all extensions are disabled?: Yes

chrmarti commented 7 months ago

We automatically update UID/GID of the container user for the first dev container, the other container is not considered a dev container at that point, but is also started by Docker Compose.

We currently look at each devcontainer.json in isolation without considering any of the other devcontainer.json files, so we don't know that the second container should get the UID/GID update like the first.

jdratlif commented 7 months ago

Thanks, this was what I thought was happening. I assume the UID/GID change has to happen during the build process, but we can switch to using the docker user at attach time, so that's why I am the docker user in both places, but without the UIDs.

It would be really helpful if there were some way to f ix the UID/GID in multiple containers. As it exists now, it's harder to mount a local git repo and work on a custom backend and frontend simultaneously. You have to rebuild the container you're working with each time or the user won't have the right permissions.

There are workarounds. Rebuilding the container. Attaching as root (breaks local permissions, but it doesn't prevent working). Cloning the git repo in a docker volume and using root is probably easiest.

yoh1496 commented 1 month ago

I have same problem in case I try to develop both of frontend and backend by following this article: https://code.visualstudio.com/remote/advancedcontainers/connect-multiple-containers

updateRemoteUserUID seems to have no effect on containers other than the first.

It would be really helpful if there were some way to f ix the UID/GID in multiple containers.

:+1: