Override UID GID in VSCode Remote-containers session - docker

I am running VSCode in a Windows 10 machine, connecting to a Docker instance on a remote Linux host, to develop C++ projects. The docker instance mounts local folders for source code files, and user is set to match the user on Linux host to avoid file ownership and permission problems.
On Windows 10 I use WSL1, the default user has both UID/GID 1000, and the VSCode's docker processes use these IDs to launch and connect to the docker instance on remote. Is there a way to override the UID/GID VSCode uses so they match the IDs on remote?
Thanks,
Step 1/4 : FROM devenv:latest
---> 120d987bae07
Step 2/4 : RUN groupadd -g 301765 chengd
---> Using cache
---> 58a697ed3565
Step 3/4 : RUN useradd -l -u 301765 -g chengd chengd
---> Using cache
---> b5c7c2b48a83
Step 4/4 : USER chengd
---> Using cache
---> f310c9d1e05b
Successfully built f310c9d1e05b
Successfully tagged vsc-devenv-9da1a5f5cedc16a80d314a148acdbcaf:latest
[7325 ms] Start: Run: wsl -d Ubuntu-20.04 -e /bin/sh -c cd '/home/da/repos/devenv' && DISPLAY='1' ELECTRON_RUN_AS_NODE='1' SSH_ASKPASS='d:\Users\ChengD\.vscode\extensions\ms-vscode-remote.remote-containers-0.177.2\scripts\ssh-askpass.bat' VSCODE_SSH_ASKPASS_NODE='D:\Users\ChengD\AppData\Local\Programs\Microsoft VS Code\Code.exe' VSCODE_SSH_ASKPASS_MAIN='d:\Users\ChengD\.vscode\extensions\ms-vscode-remote.remote-containers-0.177.2\dist\common\sshAskpass.js' VSCODE_SSH_ASKPASS_HANDLE='\\.\pipe\ssh-askpass-7e8e4f69496930d0e88509584ba46ab3357d9ff1-sock' DOCKER_CONTEXT='tcp_201' VSCODE_SSH_ASKPASS_COUNTER='5' docker 'inspect' '--type' 'image' 'vsc-devenv-9da1a5f5cedc16a80d314a148acdbcaf'
[10240 ms] Start: Run: wsl -d Ubuntu-20.04 -e /bin/sh -c cd '/home/da/repos/devenv' && DISPLAY='1' ELECTRON_RUN_AS_NODE='1' SSH_ASKPASS='d:\Users\ChengD\.vscode\extensions\ms-vscode-remote.remote-containers-0.177.2\scripts\ssh-askpass.bat' VSCODE_SSH_ASKPASS_NODE='D:\Users\ChengD\AppData\Local\Programs\Microsoft VS Code\Code.exe' VSCODE_SSH_ASKPASS_MAIN='d:\Users\ChengD\.vscode\extensions\ms-vscode-remote.remote-containers-0.177.2\dist\common\sshAskpass.js' VSCODE_SSH_ASKPASS_HANDLE='\\.\pipe\ssh-askpass-7e8e4f69496930d0e88509584ba46ab3357d9ff1-sock' DOCKER_CONTEXT='tcp_201' VSCODE_SSH_ASKPASS_COUNTER='6' docker 'build' '-f' '/tmp/vsch/updateUID.Dockerfile-0.177.2' '-t' 'vsc-devenv-9da1a5f5cedc16a80d314a148acdbcaf-uid' '--build-arg' 'BASE_IMAGE=vsc-devenv-9da1a5f5cedc16a80d314a148acdbcaf' '--build-arg' 'REMOTE_USER=chengd' '--build-arg' 'NEW_UID=1000' '--build-arg' 'NEW_GID=1000' '--build-arg' 'IMAGE_USER=chengd' '/tmp/vsch'

Solved the problem by setting updateRemoteUserUID to false in devcontainer.json.

Related

"container-suseconnect-zypp" : dockerfile fail on PAYG SLES15.1 VM(azuer)

I'm new here.
I'm trying to Creating custom Docker container images on Azure VM.
But I cant create them because of "container-suseconnect-zypp"
environment : AZURE Virtual Machine (Standard B4ms) - SLES15 SP1 (PAYG)
first of all, I've no problem for getting repository on local (below)
# zypper lr -u
Refreshing service 'container-suseconnect-zypp'.
Repository priorities are without effect. All enabled repositories share the same priority.
# | Alias | Name | Enabled | GPG Check | Refresh | URI
----+-------------------------------------------------------------------------------------------------------+---------------------------------------------------------------------------+---------+-----------+---------+-------------------------------------------------------------------------------------------------------------------------------------------------------------------
1 | Basesystem_Module_x86_64:SLE-Module-Basesystem15-SP1-Debuginfo-Pool | SLE-Module-Basesystem15-SP1-Debuginfo-Pool | No | ---- | ---- | plugin:/susecloud?credentials=Basesystem_Module_x86_64&path=/repo/SUSE/Products/SLE-Module-Basesystem/15-SP1/x86_64/product_debug/
.
.
.
Secondly, I've already started "containerbuild-regionsrv" service
and used "host network" when I built Docker Image
with reference to the following : https://documentation.suse.com/container/all/single-html/SLES-container/index.html
> sudo systemctl start containerbuild-regionsrv
> sudo systemctl enable containerbuild-regionsrv
> docker build --network host /build-directory/
my Dockerfile is
FROM registry.suse.com/suse/sle15:15.1
# Extra metadata
LABEL version="1.0"
LABEL description="Base SLES 15 SP1 SAP image"
# Create zypper repos and empty folder in NEW Container
RUN mkdir -p /etc/zypp/repos.d \
&& mkdir -p /jail
# add repo from local repo
RUN zypper ar plugin:/susecloud?credentials=Basesystem_Module_x86_64&path=/repo/SUSE/Products/SLE-Module-Basesystem/15-SP1/x86_64/product_debug/ \
&& zypper ar plugin:/susecloud?credentials=Basesystem_Module_x86_64&path=/repo/SUSE/Updates/SLE-Module-Basesystem/15-SP1/x86_64/update_debug/
.
.
.
# Update repos and install missing packages:
RUN update-ca-certificates && zypper ref -s && zypper update -y
here's my Question.
Why my URI of SLES repo start with not "https://" but "plugin:/"? Is there no problem for adding repo inside container?
When I build Docker Image from Dockerfile, My result is :
# docker build --network host -t base_os .
Sending build context to Docker daemon 4.359GB
Step 1/6 : FROM registry.suse.com/suse/sle15:15.1
---> d6d9e74d8ba3
Step 2/6 : LABEL version="1.0"
---> Running in 51b8f6dc39e5
Removing intermediate container 51b8f6dc39e5
---> 12b8756a372c
Step 3/6 : LABEL description="Base SLES 15 SP1 SAP image"
---> Running in 1b57cfcdceea
Removing intermediate container 1b57cfcdceea
---> aa8ddd1de6b4
Step 4/6 : RUN mkdir -p /etc/zypp/repos.d && mkdir -p /jail
---> Running in fd5a0d6cf9bc
Removing intermediate container fd5a0d6cf9bc
---> 982b38ddd9c7
Step 5/6 : RUN zypper ar plugin:/susecloud?credentials=Basesystem_Module_x86_64&path=/repo/SUSE/Products/SLE-Module-Basesystem/15-SP1/x86_64/product_debug/
---> Running in 74416afc3982
Removing intermediate container 74416afc3982
---> 3e78bccdfcd1
Step 6/6 : RUN update-ca-certificates && zypper ref -s && zypper update -y
---> Running in 0d52ac4d4e28
Refreshing service 'container-suseconnect-zypp'.
Warning: Skipping service 'container-suseconnect-zypp' because of the above error.
All services have been refreshed.
Warning: There are no enabled repositories defined.
Use 'zypper addrepo' or 'zypper modifyrepo' commands to add or enable repositories.
Problem retrieving the repository index file for service 'container-suseconnect-zypp':
[container-suseconnect-zypp|file:/usr/lib/zypp/plugins/services/container-suseconnect-zypp]
I think, because of 'container-suseconnect-zypp' issue, I can't install some additional packages needed for SAP inside my container, even if I'll build Docker image without Dockerfile step 6/6.
Is this problem related with Azure VM using PAYG SLES15?
Do I need SSL certificate used by RMT?

Missing perl command in Perl image

I'm sure this is an incredibly simple fix. I tried to build Docker image with Perl in it (plus some Perl) modules. However, when I go to run this, it says there is no /bin/perl. The question is:
Why did the Perl Docker Image not have Perl in it?
My Dockerfile below:
FROM perl:5.20
ENV PERL_MM_USE_DEFAULT 1
RUN cpan install Net::SSL inc:latest
RUN mkdir /ssc
COPY /ssc /ssc
RUN mkdir /tmp/ssc-bin-files;cp /ssc/bin/*.sh /tmp/ssc-bin-files;chmod a+rx /tmp/ssc-bin-files/*;cp /tmp/ssc-bin-files/* /ssc/bin
RUN chmod a+rx /ssc/bin/*.sh
ENTRYPOINT ["/ssc/bin/put-and-submit.sh"]
Jenkins Pipeline snippet:
stage('Build, Tag and Push SSC Dockerfile'){
tagAsTest = "${IMAGE_NAME}:test"
REPO = "chq-ic2e-sprint-images-docker-local"
println "Docker App Build"
docker.build(tagAsTest,"-f Dockerfile .")
sh 'docker image ls | grep rules-client'
}
stage('Set image tag to :approved'){
hasReachedDockerComposeUp=false;
REPO = "chq-ic2e-sprint-images-docker-local"
sh "docker tag ${IMAGE_NAME}:test ${IMAGE_NAME}:approved"
buildInfo = rtDocker.push("${IMAGE_NAME}:approved", REPO , buildInfo)
server.publishBuildInfo buildInfo
}
The Jenkins log below:
[Pipeline] sh
+ docker build -t chq-ic2e-sprint-images-docker-local.artifactory.swg-devops.com/ssc-cost-file-processor:test -f Dockerfile .
Sending build context to Docker daemon 39.42kB
Step 1/8 : FROM perl:5.20
---> bbe5a82c1dbe
Step 2/8 : ENV PERL_MM_USE_DEFAULT 1
---> Using cache
---> ca2769a89ab8
Step 3/8 : RUN cpan install Net::SSL inc:latest
---> Using cache
---> 1e53f0573131
Step 4/8 : RUN mkdir /ssc
---> Using cache
---> a324effec8ce
Step 5/8 : COPY /ssc /ssc
---> d40bf34f8565
Step 6/8 : RUN mkdir /tmp/ssc-bin-files;cp /ssc/bin/*.sh /tmp/ssc-bin-files;chmod a+rx /tmp/ssc-bin-files/*;cp /tmp/ssc-bin-files/* /ssc/bin
---> Running in 02386f41174f
Removing intermediate container 02386f41174f
---> 4767a8e6f23a
Step 7/8 : RUN chmod a+rx /ssc/bin/*.sh
---> Running in 07646aa96048
Removing intermediate container 07646aa96048
---> f070fcd8a9e9
Step 8/8 : ENTRYPOINT ["/ssc/bin/put-and-submit.sh"]
---> Running in e6bab12f8f40
Removing intermediate container e6bab12f8f40
---> 1422df9d957b
Successfully built 1422df9d957b
Successfully tagged chq-ic2e-sprint-images-docker-local.artifactory.swg-devops.com/ssc-cost-file-processor:test
[Pipeline] sh
+ docker image ls
+ grep rules-client
chq-ic2e-sprint-images-docker-local.artifactory.swg-devops.com/rules-client approved da334d1d8fae 2 days ago 22.5MB
chq-ic2e-sprint-images-docker-local.artifactory.swg-devops.com/rules-client test da334d1d8fae 2 days ago 22.5MB
Script is being run via pipeline like this:
stage('Run image'){
sh '''
docker run -i -v \
--mount type=bind,source="$(pwd)/host-dirs,target=/host-dirs" \
chq-ic2e-sprint-images-docker-local.artifactory.swg-devops.com/ssc-cost-file-processor:approved
sh
'''
}
or from terminal like this:
#!/bin/bash
docker run -it \
--mount type=bind,source="$(pwd)/host-dirs,target=/host-dirs" \
chq-ic2e-sprint-images-docker-local.artifactory.swg-devops.com/ssc-cost-file-processor:approved sh
The perl binary is probably in /usr/local/bin/perl. You can check that in a shell in the running container.
host> docker exec -it your_container bash
container> which perl
/usr/local/bin/perl
container> exit
It sure has perl version 5.20 in it. I'm just curious about the entrypoint script in your dockerfile. You're running a shell script by default when the container is started. What the script starts or runs? If you want to run perl without entering the container, use --entrypoint=perl with your docker run command.
docker run --rm --name perl perl:5.20 perl --version
### Output
This is perl 5, version 20, subversion 3 (v5.20.3) built for x86_64-linux
(with 1 registered patch, see perl -V for more detail)
Copyright 1987-2015, Larry Wall
Perl may be copied only under the terms of either the Artistic License or the
GNU General Public License, which may be found in the Perl 5 source kit.
Complete documentation for Perl, including FAQ lists, should be found on
this system using "man perl" or "perldoc perl". If you have access to the
Internet, point your browser at http://www.perl.org/, the Perl Home Page.
###

DDEV + NFS + Windows: nfs gives operation not supported

I have successfully installed the nfs service on Windows 10 Pro (NFS Client is activated). It was already working, but suddenly it is not working anymore.
I think NFS Server/Service is successfully configured and installed. mount \\127.0.0.1/c/Projects N: I can mount the Share locally.
ddev start (with nfs_mount_enabled: false) works ddev start (with nfs_mount_enabled: true) gives me the
error:
Starting yogamehome-2020... Pushing mkcert rootca certs to ddev-global-cache Pushed mkcert rootca certs to ddev-global-cache Building db Building web Recreating ddev-yogamehome-2020-db ... done Recreating ddev-yogamehome-2020-web ... error Recreating ddev-yogamehome-2020-dba ...
ERROR: for ddev-yogamehome-2020-web Cannot start service web: error while mounting volume '/var/lib/docker/volumes/ddev-yogamehome-2020_nfsmount/_data': failed to mount local volume: mount :/c/Projects/yogamehome-2020:/var/lib/docker/volumes/ddev-yogamehome-2020_n Recreating ddev-yogamehome-2020-dba ... doneock: operation not supported
ERROR: for web Cannot start service web: error while mounting volume '/var/lib/docker/volumes/ddev-yogamehome-2020_nfsmount/_data': failed to mount local volume: mount :/c/Projects/yogamehome-2020:/var/lib/docker/volumes/ddev-yogamehome-2020_nfsmount/_data, data: addr=127.0.0.1,hard,nolock: operation not supported Encountered errors while bringing up the project. Failed to start yogamehome-2020: Failed to run docker-compose [-f C:\Projects\yogamehome-2020.ddev\docker-compose.yaml -f C:\Projects\yogamehome-2020.ddev\docker-compose.environment.yaml -f C:\Projects\yogamehome-2020.ddev\docker-compose.hosts.yaml up --build -d ], err='exit status 1', stdout='Step 1/6 : ARG BASE_IMAGE Step 2/6 : FROM $BASE_IMAGE ---> 94b0ac137a40 Step 3/6 : ARG username ---> Using cache ---> 56f6d4f186b1 Step 4/6 : ARG uid ---> Using cache ---> 02f90fa967ed Step 5/6 : ARG gid ---> Using cache ---> 2f6228a1a2d0 Step 6/6 : RUN (groupadd --gid $gid "$username" || groupadd "$username" || true) && (useradd -l -m -s "/bin/bash" --gid "$username" --comment '' --uid $uid "$username" || useradd -l -m -s "/bin/bash" --gid "$username" --comment '' "$username") ---> Using cache ---> c3a74d13aecb
Successfully built c3a74d13aecb Successfully tagged drud/ddev-dbserver-mariadb-10.2:v1.13.0-yogamehome-2020-built Step 1/6 : ARG BASE_IMAGE Step 2/6 : FROM $BASE_IMAGE ---> 82d77d5c110a Step 3/6 : ARG username ---> Using cache ---> a4ae9b611d25 Step 4/6 : ARG uid ---> Using cache ---> 9a4a76b8819c Step 5/6 : ARG gid ---> Using cache ---> 6ef62cc84fc9 Step 6/6 : RUN (groupadd --gid $gid "$username" || groupadd "$username" || true) && (useradd -l -m -s "/bin/bash" --gid "$username" --comment '' --uid $uid "$username" || useradd -l -m -s "/bin/bash" --gid "$username" --comment '' "$username") ---> Using cache ---> 764de2909aba
Successfully built 764de2909aba Successfully tagged drud/ddev-webserver:v1.13.0-yogamehome-2020-built ', stderr='Building db Building web Recreating ddev-yogamehome-2020-db ... done Recreating ddev-yogamehome-2020-web ... error Recreating ddev-yogamehome-2020-dba ...
ERROR: for ddev-yogamehome-2020-web Cannot start service web: error while mounting volume '/var/lib/docker/volumes/ddev-yogamehome-2020_nfsmount/_data': failed to mount local volume: mount :/c/Projects/yogamehome-2020:/var/lib/docker/volumes/ddev-yogamehome-2020_n Recreating ddev-yogamehome-2020-dba ... doneock: operation not supported
ERROR: for web Cannot start service web: error while mounting volume '/var/lib/docker/volumes/ddev-yogamehome-2020_nfsmount/_data': failed to mount local volume: mount :/c/Projects/yogamehome-2020:/var/lib/docker/volumes/ddev-yogamehome-2020_nfsmount/_data, data: addr=127.0.0.1,hard,nolock: operation not supported Encountered errors while bringing up the project.'`
Any idea?
I can access it via Explorer and every directory is there, but cannot mount it via ddev.
Most recent version of ddev.
Thanks and kind regards, Harald
shareeditdeleteflag
You have not included C:\Projects in your ~/.ddev/nfs_exports.txt
The error says "failed to mount local volume: mount :/c/Projects/yogamehome-2020:"
It's generally recommended to have your projects in a home directory, but since you have them in \Projects, you'll need to share that in nfs_exports.txt. Add a line like this:
C:\Projects > /c/Projects
i have exactly that line in my nfs_exports.txt:
C:\Projects > /c/Projects
As i wrote above i can mount the directory locally. So i gues the Problem is not on the server side.
Thanks,
Harald
Update:
If i start ddev without nfs and then try to mount via ssh:
holzm#yogamehome-2020-web:~/nfs-mount$ sudo mount -t nfs 127.0.0.1:/Projects ~/nfs-mount
mount: /home/holzm/nfs-mount: permission denied.

Dockerfile RUN lpadmin to add a printer not working in the built image?

I want to add a printer in Dockerfile RUN command, so this is my Dockerfile
FROM dassh/eline:base
MAINTAINER dassh
# start cups service is necessary to run lpadmin command
RUN service cups start && lpadmin -p VLM2601 -v EleanBackend:/tmp -m
VLM2601_gdi.ppd -E && echo done
Build procedure
docker build -t dassh/eline .
Sending build context to Docker daemon 722.9kB
Step 1/3 : FROM dassh/eline:base
---> 712dce8cd557
Step 2/3 : MAINTAINER dassh
---> Running in 2f3f5f80b665
Removing intermediate container 2f3f5f80b665
---> 2b53b81d6ff4
Step 3/3 : RUN service cups start && lpadmin -p VLM2601 -v EleanBackend:/tmp -m VLM2601_gdi.ppd -E && echo done
---> Running in f176fbdf765e
* Starting Common Unix Printing System cupsd
...done.
done
Removing intermediate container f176fbdf765e
---> e229e278b085
Successfully built e229e278b085
Successfully tagged dassh/eline:latest
The build was successful without any error. But when I started a container with this image, I found that the printer wasn't added.
dassh#ubuntu:~$ docker run -itd dassh/eline /bin/bash
a8785057e71a598cd391f355848819295fef8e311090f70cbae95ca5360856c2
dassh#ubuntu:~$ docker cp ~/123.pdf a8:/
dassh#ubuntu:~$ docker attach a8
root#a8785057e71a:/pdf_to_prn#
root#a8785057e71a:/pdf_to_prn# service cups start
* Starting Common Unix Printing System cupsd [ OK ]
root#a8785057e71a:/pdf_to_prn# lp -o fit-to-page -o media=A4 -d VLM2601 /123.pdf
lp: The printer or class does not exist.
The command returns an error that the printer does not exist, but when I execute add printer command in the container manually, and run lp command again, everything is fine.
root#a8785057e71a:/pdf_to_prn# lpadmin -p VLM2601 -v EleanBackend:/tmp -m VLM2601_gdi.ppd -E
root#a8785057e71a:/pdf_to_prn# lp -o fit-to-page -o media=A4 -d VLM2601 /123.pdf
request id is VLM2601-1 (1 file(s))
Therefore, my adding printer command has no issues. So what is happening?
The problem cause by use lpadmin create printer.
system get printers by file /etc/cups/printers.conf.
use lpadmin add a printer will generate or update file /etc/cups/printers.conf.
step 2 is asynchronous! (It takes almost 30s in my test after execute lpadmin command)
Dockerfile RUN this step complete before file /etc/cups/printers.conf generated.

How do i give a non root user access to docker when using docker-dind?

I'm trying to run a Go CD agent using docker-dind to auto build some of my docker images.
I'm having trouble getting the user go to have access to the docker daemon.
When I try and access docker info I get the following:
[go] Task: /bin/sh ./builder.shtook: 2.820s
[START]
[USER] go
[TAG] manual
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.32/containers/fish/angular-cli/json: dial unix /var/run/docker.sock: connect: permission denied
Sending build context to Docker daemon 3.072kB
Step 1/8 : FROM node:8-alpine
---> 4db2697ce114
Step 2/8 : MAINTAINER jack#fish.com
---> Using cache
---> 22f46bf6b4c1
Step 3/8 : VOLUME /usr/local/share/.cache/yarn/v1
---> Using cache
---> 86b979e7a2b4
Step 4/8 : RUN apk add --no-cache --update build-base python
---> Using cache
---> 4a08b0a1fc9d
Step 5/8 : RUN yarn global add #angular/cli#1.5.3
---> Using cache
---> 6fe4530181a5
Step 6/8 : EXPOSE 4200
---> Using cache
---> 480edc47696e
Step 7/8 : COPY ./docker-entrypoint.sh /
---> Using cache
---> 329f9eaa5c76
Step 8/8 : ENTRYPOINT /docker-entrypoint.sh
---> Using cache
---> cb1180ff8e9f
Successfully built cb1180ff8e9f
Got permission denied while trying to connect to the Docker daemon socket at unix:///var/run/docker.sock: Get http://%2Fvar%2Frun%2Fdocker.sock/v1.32/containers/fish/angular-cli/json: dial unix /var/run/docker.sock: connect: permission denied
My root user can accesss docker info properly, but the go user fails.
$ cat /etc/group
root:x:0:root
bin:x:1:root,bin,daemon
daemon:x:2:root,bin,daemon
sys:x:3:root,bin,adm
....
adm:x:4:root,adm,daemon
wheel:x:10:root
xfs:x:33:xfs
ping:x:999:
nogroup:x:65533:
nobody:x:65534:
dockremap:x:101:dockremap,go
go:x:1000:go
My docker.sock permissions are as follows:
$ ls -alh /var/run/docker.sock
srw-rw---- 1 root 993 0 Apr 20 2017 /var/run/docker.sock
What do I need to append to my Dockerfile in order to allow the go user to access the docker daemon?
When running a dind container, IE docker in docker, it its common place to volume mount /var/run/docker.sock:/var/run/docker.sock from the host into the dind-container.
When this occurs, the PID is not only owned by root, but by a numeric group id from the host.
Running the following inside the container should show you the host GID:
$ ls -alh /var/run/docker.sock
srw-rw---- 1 root 993 0 Apr 20 2017 /var/run/docker.sock
The above process is owned by group 993, 993 is derived from the host machines /etc/group -> docker role.
As it is nearly impossible to ensure that we have a common group id when the image is first built, the group id should be assigned at runtime using your docker-entrypoint.sh file.
My personal goal is to get this runtime user of 'go' for a GO CD go-agent, but one could substitute this approach for jenkins or any other runtime user.
As the dind & go-agent are both based off alpine linux, the following will work for alpine-linux:
#setup docker group based on hosts mount gid
echo "Adding hosts GID to docker system group"
# this only works if the docker group does not already exist
DOCKER_SOCKET=/var/run/docker.sock
DOCKER_GROUP=docker
BUILD_USER=go
if [ -S ${DOCKER_SOCKET} ]; then
DOCKER_GID=$(stat -c '%g' ${DOCKER_SOCKET})
#addgroup is distribution specific
addgroup -S -g ${DOCKER_GID} ${DOCKER_GROUP}
addgroup ${BUILD_USER} ${DOCKER_GROUP}
fi
If you exec into the container, and cat your /etc/group file, you should see the following:
docker:x:993:go
This is a slightly modified version of #Jack's answer.
I created a docker-entrypoint.sh which will determine the GID and reuse the group if it already exists. Primarily on Docker for Windows machines the Docker socket is using root. This would need runuser as su will only work if the user's shell is not set to nologin which in my case is set to nologin
#!/bin/sh
set -e
DOCKER_SOCKET=/var/run/docker.sock
RUNUSER=jobberuser
if [ -S ${DOCKER_SOCKET} ]; then
DOCKER_GID=$(stat -c '%g' ${DOCKER_SOCKET})
DOCKER_GROUP=$(getent group ${DOCKER_GID} | awk -F ":" '{ print $1 }')
if [ $DOCKER_GROUP ]
then
addgroup $RUNUSER $DOCKER_GROUP
else
addgroup -S -g ${DOCKER_GID} docker
addgroup $RUNUSER docker
fi
fi
exec runuser -u $RUNUSER -- $#
In order to allow other users to access Docker you need to:
sudo groupadd docker
sudo usermod -aG docker go
If you are running this command as the go user, you need to logout and login after performing above task.

Resources