ntorresalberto / dogi

GNU General Public License v3.0

Can not open a dogi container without the cmd --no-user #1

Closed demathelin closed 6 months ago

demathelin commented 6 months ago

Hello, first of all, thank you for your work! I am still using your package and it works fine on my Ubuntu 22.04. I have this tiny bug: I am not able to open a container without being root (I can only use dogi with the cmd --no-user). Here is the log:

gdemathelin@cds-gdemathe:~/workspace/ThetaProject$ dogi run theta_container:latest --name theta_dogi --workdir $(pwd)
dogi: run.go:448: imageName: theta_container:latest
dogi: run.go:457: temp xauth file: /tmp/.dogi2785834939.xauth
dogi: run.go:470: env DISPLAY=:1
dogi: run.go:506: user doesn't belong to group video, won't add it to container
dogi: run.go:506: user doesn't belong to group realtime, won't add it to container
dogi: run.go:511: workdir: /home/gdemathelin/workspace/ThetaProject
dogi: run.go:524: /dev/dri/card1 found, nvidia card? (3D might not work)
dogi: run.go:530: dogi path:/home/gdemathelin/go/bin/dogi
dogi: run.go:567: set container name: theta_dogi
dogi: run.go:572: adding --network=host
dogi: run.go:601: using apt-cacher, disable it with --no-cacher
dogi: run.go:172: build apt cacher image: dogi/apt-cacher
dogi: run.go:180: temp dir: /tmp/dogi_apt-cache1057901442
dogi: run.go:181: temp Dockerfile: /tmp/dogi_apt-cache1057901442/Dockerfile
dogi: run.go:259: container dogi_apt-cacher_cont found: 172.17.0.2
dogi: run.go:265: apt-cacher file: /tmp/.dogi_apt-cacher_2041343472
dogi: run.go:612: cmd.ArgsLenAtDash(): -1
dogi: run.go:627: imageCmd: [ /bin/bash ]
dogi: run.go:637: execCommand list: /bin/bash
dogi: run.go:651: supported distro image detected: Ubuntu
dogi: run.go:673: create user script: /tmp/.dogi3848597336.sh
dogi: run.go:698: entrypoint: [bash /dogi_create_user.sh /bin/bash]
dogi: run.go:704: docker command:  docker create --interactive --tty --workdir=/home/gdemathelin/workspace/ThetaProject --volume=/tmp/.X11-unix:/tmp/.X11-unix --env=XAUTHORITY=/.xauth --env=DISPLAY=:1 --env=TERM --device=/dev/dri --userns=host --cap-add=SYS_NICE --env=TZ=Europe/Paris --volume=/home/gdemathelin/workspace/ThetaProject:/home/gdemathelin/workspace/ThetaProject --cidfile=/tmp/.dogi2228064069172145420.cid --volume=/tmp/.dogi2228064069172145420.cid:/dogi.cid --name=theta_dogi --network=host --security-opt=apparmor:unconfined --rm --volume=/home/gdemathelin/.ssh:/home/gdemathelin/.ssh:ro --volume=/tmp/.dogi3848597336.sh:/dogi_create_user.sh theta_container:latest bash /dogi_create_user.sh /bin/bash
dogi: run.go:52: cp /tmp/.dogi2785834939.xauth -> c3abde87:/.xauth
dogi: run.go:52: cp /tmp/.dogi_apt-cacher_2041343472 -> c3abde87:/etc/apt/apt.conf.d/01proxy
dogi: run.go:52: cp /home/gdemathelin/go/bin/dogi -> c3abde87:/usr/bin/dogi
dogi: run.go:718: attach to container
dogi: run.go:719: docker start -ai c3abde873616
going inside container, happy 🐳!
- create groups if necessary...
  - gdemathelin (gid 1000)
    . check gid 1000 is valid...
     - gid (by gid): OK
     - gid (by gname): OK
    . check group name gdemathelin is valid...
     - groupname (by gid): WARNING
      -> groupname (by gid) exists inside container exists and differs from outside:
      -> inside_gname_bygid:ubuntu, outside container: gdemathelin
     - groupname (by gname): OK
    ---------------------------------
    Warning: there were some issues with group gdemathelin (1000),
    check log above but very often this does not pose a problem
    (if it does create an issue with the running log output above).
    ---------------------------------
- creating user...
userdel: ubuntu mail spool (/var/mail/ubuntu) not found
useradd: group '1000' does not exist

Thanks again for your work.

ntorresalberto commented 6 months ago

Hey, thanks for the report. It seems the group id 1000 already exists inside the image theta_container by the name ubuntu according to this line:

-> inside_gname_bygid:ubuntu, outside container: gdemathelin

Could it be that you're creating it in the image? (maybe in the Dockerfile?)

If so, I'm not sure what's the best solution (because the group would need to be deleted inside the container and, though it might work in this case, I doubt it's a good choice in the long run, for instance, it might happen to other system-level groups). Do you have any thoughts?

edit: I assume it is created inside the image because I haven't encountered it in the default ubuntu images, but I might be wrong. Can you share the Dockerfile and/or the base image used?

demathelin commented 6 months ago

Here is my Dockerfile:

FROM ubuntu:23.10 as base

USER root

ENV PYTHONDONTWRITEBYTECODE 1
ENV PYTHONUNBUFFERED 1
ENV DEBIAN_FRONTEND noninteractive

# install python3.12

RUN apt update &&\
    apt upgrade -y && \
    apt install -y --no-install-recommends curl gcc g++ gnupg unixodbc-dev openssl git &&\
    apt install -y software-properties-common ca-certificates &&\
    apt install -y build-essential zlib1g-dev libncurses5-dev libgdbm-dev libssl-dev libreadline-dev libffi-dev wget libbz2-dev libsqlite3-dev && \
    update-ca-certificates && \
    rm -rf /var/lib/apt/lists/*

RUN mkdir /python && cd /python && \
    wget https://www.python.org/ftp/python/3.12.2/Python-3.12.2.tgz && \
    tar -zxvf Python-3.12.2.tgz && \
    cd Python-3.12.2 && \
    ls -lhR && \
    ./configure CFLAGS="-fPIC" --enable-optimizations && \
    make install && \
    rm -rf /python

RUN apt update
RUN apt install -y build-essential g++ autotools-dev libicu-dev libbz2-dev

RUN apt install -y git clang libclang-dev
RUN apt install -y cmake libeigen3-dev doxygen
RUN apt install -y curl libcurl4-openssl-dev libzstd-dev

RUN python3 -m ensurepip --upgrade

RUN pip3 install numpy wheel pyplusplus pygccxml==2.2.1 scipy setuptools

WORKDIR ./../..
RUN apt update
RUN apt install -y libzmq3-dev
RUN git clone https://github.com/meshcat-dev/meshcat-python.git meshcat
WORKDIR  ./meshcat
RUN git checkout 785bc9d5ba6f8a8bb79ee8b25f523805946c1fbd && \
    git submodule update --init --recursive

RUN python3 setup.py install

WORKDIR ./..
RUN pip3 install qpsolvers[clarabel]

RUN git clone https://github.com/JuJankowski/vp-sto.git vpsto
WORKDIR  ./vpsto
RUN pip3 install .

WORKDIR ./..
RUN apt install -y libglfw3-dev

RUN pip3 install git+https://github.com/quadprog/quadprog.git@refs/pull/43/head

WORKDIR /

RUN pip3 install git+https://github.com/google-deepmind/dm_control.git

RUN mkdir /boost && cd /boost && \
    wget -O boost_1_77_0.tar.bz2 https://sourceforge.net/projects/boost/files/boost/1.77.0/boost_1_77_0.tar.bz2/download &&\
    tar xvfo boost_1_77_0.tar.bz2

RUN ln -s /usr/local/bin/python3 /usr/local/bin/python
WORKDIR ./boost/boost_1_77_0 
RUN ./bootstrap.sh --prefix=/usr/local --with-python=python3 --with-libraries=filesystem,math,program_options,python,serialization,system  &&\
    ./b2 &&\
    ./b2 install

WORKDIR /

RUN git clone https://github.com/CastXML/CastXML.git castxml
WORKDIR ./castxml

RUN git checkout 1a460924d456d9983082d615e0df5f797fdeb635
RUN mkdir -p build
WORKDIR ./build
RUN cmake ..
RUN make -j16
RUN make install

WORKDIR ../..

RUN pip3 install pygad

# RUN pip3 install -U "jax[cuda11_pip]" -f https://storage.googleapis.com/jax-releases/jax_cuda_releases.html
RUN pip3 install mujoco-mjx
RUN pip3 install flake8

RUN apt install -y libxinerama-dev libxcursor-dev libxi-dev 

WORKDIR /home/ubuntu
RUN git clone https://github.com/google-deepmind/mujoco.git mujoco && \
    cd mujoco && \
    mkdir build && \
    cd build && \
    cmake .. && \
    make -j16

RUN pip3 install qpmpc pygame

WORKDIR /

RUN git clone https://github.com/hashb/toppra.git toppra_lib

WORKDIR ./toppra_lib

RUN git checkout c28fd7cbc5039e9b1c1f1482f66e94a70465dda5
RUN pip3 install -r requirements3.txt
RUN pip3 install -e .
WORKDIR /

RUN apt -y install qtbase5-dev libqt5svg5-dev libqt5websockets5-dev \
    libqt5opengl5-dev libqt5x11extras5-dev libprotoc-dev libzmq3-dev \
    liblz4-dev libzstd-dev

WORKDIR /toppra_lib/toppra/constraint
RUN for i in $(ls -d *.py); do sed -i 's/"""/r"""/g' $i ; done
RUN for i in $(ls -d *.py); do sed -i 's/rr"""/r"""/g' $i ; done

WORKDIR /toppra_lib/toppra
RUN for i in $(ls -d *.py); do sed -i 's/"""/r"""/g' $i ; done
RUN for i in $(ls -d *.py); do sed -i 's/rr"""/r"""/g' $i ; done

WORKDIR /toppra_lib/toppra/solverwrapper
RUN for i in $(ls -d *.py); do sed -i 's/"""/r"""/g' $i ; done
RUN for i in $(ls -d *.py); do sed -i 's/rr"""/r"""/g' $i ; done

RUN pip3 install pin
RUN apt install -y octave
RUN pip3 install oct2py

WORKDIR /
RUN git clone https://github.com/demathelin/odio_urdf.git odio_urdf
WORKDIR ./odio_urdf
RUN git pull
RUN pip3 install .

WORKDIR /
RUN pip3 install torch torchvision torchaudio --index-url https://download.pytorch.org/whl/cpu

ntorresalberto commented 6 months ago

Thanks for pointing this out. It seems that since 23.04, ubuntu images now have a default user called ubuntu with uid and gid 1000:

$ docker run --rm -it ubuntu:23.04 getent group | grep 1000
ubuntu:x:1000:    # group inside image
$ docker run --rm -it ubuntu:22.10 getent group | grep 1000
# returns nothing

If you used 22.10 or below as a base, dogi would work as intended. I'm not sure why or whether it's intended, but I guess I'll find a way to work around it in the meantime.
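
The log in the report shows userdel removing the image's ubuntu user and then useradd failing with "group '1000' does not exist", which is consistent with userdel also dropping the user's same-named private group. An added example (not part of the thread, and not dogi's code or its actual fix) that plans the account commands from an image's passwd and group files; the sample entries and the names lookup, plan_user and demo are constructed for illustration.

```shell
#!/bin/sh
# Added example (not dogi's code): print the account commands needed so that a
# host user can be created in an image, given the image's passwd/group files.

lookup() { # lookup FILE ID FIELD: FIELD of the first entry whose id (3rd field) is ID
    awk -F: -v id="$2" -v f="$3" '$3 == id { print $f; exit }' "$1"
}

plan_user() { # plan_user NAME UID GID PASSWD_FILE GROUP_FILE
    name=$1; uid=$2; gid=$3
    uid_owner=$(lookup "$4" "$uid" 1)
    gid_owner=$(lookup "$5" "$gid" 1)
    gid_members=$(lookup "$5" "$gid" 4)
    need_group=no
    if [ -z "$gid_owner" ]; then need_group=yes; fi
    if [ -n "$uid_owner" ] && [ "$uid_owner" != "$name" ]; then
        echo "userdel $uid_owner"
        # Assumes USERGROUPS_ENAB yes in /etc/login.defs: userdel then also drops
        # the same-named group when it has no members, so it must be recreated.
        if [ "$gid_owner" = "$uid_owner" ] && [ -z "$gid_members" ]; then
            need_group=yes
        fi
    fi
    if [ "$need_group" = yes ]; then echo "groupadd --gid $gid $name"; fi
    if [ "$uid_owner" != "$name" ]; then
        echo "useradd --uid $uid --gid $gid --no-create-home --shell /bin/bash $name"
    fi
    return 0
}

demo() { # demo KIND: run plan_user on constructed sample files
    dir=$(mktemp -d)
    printf 'root:x:0:0:root:/root:/bin/bash\n' > "$dir/passwd"
    printf 'root:x:0:\nvideo:x:44:\n' > "$dir/group"
    if [ "$1" = with_ubuntu_user ]; then   # entries as in ubuntu:23.04 and later
        printf 'ubuntu:x:1000:1000:Ubuntu:/home/ubuntu:/bin/bash\n' >> "$dir/passwd"
        printf 'ubuntu:x:1000:\n' >> "$dir/group"
    fi
    plan_user gdemathelin 1000 1000 "$dir/passwd" "$dir/group"
    rm -rf "$dir"
}

demo with_ubuntu_user
```

A group at the requested gid that has other members is left in place and reused rather than recreated, which avoids deleting or renaming groups the image relies on.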

ntorresalberto commented 6 months ago

@demathelin should be fixed in the latest release version (or update with dogi update :wink: ). If not, feel free to open it again.

demathelin commented 6 months ago

Yes, it works now! Thank you!