Devcontainer user is assigned different uid/guid than host user

[FelixZY]

Apparently, since ubuntu 24.04, the ubuntu container ships with a pre-defined ubuntu user. This user uses uid/gid 1000 by default, which forces the vscode user to use uid/gid 1001 instead. Since this does not match with my host user on linux, I'm getting a bunch of permission errors in the devcontainer.

Steps to reproduce

1. On a linux machine, make sure your uid/gid is 1000 ($ id -a)
2. Create a devcontainer to run from this Dockerfile:

FROM ghcr.io/jmuchovej/devcontainers/latex:2024

3. Launch devcontainer

Expected
No permissions issues.

$ id -a
uid=1000(vscode) gid=1000(vscode) groups=1000(vscode)
$ id -nu 1000
vscode

Actual
Unable to save file edits due to permission issues.

$ id -a
uid=1001(vscode) gid=1001(vscode) groups=1001(vscode)
$ id -nu 1000
ubuntu

Additional context

• https://askubuntu.com/a/1515958
• https://bugs.launchpad.net/cloud-images/+bug/2005129

These indicate that RUN touch /var/mail/ubuntu && chown ubuntu /var/mail/ubuntu && userdel -r ubuntu should probably be added to the container as a workaround.

[jmuchovej]

👋 thanks for reporting! can you clarify what you mean by "unable to save file edits due to permission issues"? e.g., where are these files located?

additionally: did you hand-craft your .devcontainer.json or did you use the template from this repository?

i don't think there's a need to remove the ubuntu user – as there are plenty of devcontainers which i use that are based on mcr.microsoft.com/devcontainers/base:noble (like this one is) without permissions issues. **but i would not be surprised if there's a need to ensure that the vscode user owns, for instance, the TEXDIR and the like (looking back over the Dockerfile). however, before making these edits, i'd like to hear more about what files you're unable to write/edit. 🙂

[FelixZY]

That would be any file in my repo, e.g. README.md, package.json, .devcontainer/devcontainer.json, src/index.tex etc.. On the host disk, these files are located under and owned by my user account. I could of course chmod o+rw but that shouldn't be necessary. I've got a bunch of other (Debian-based, admittedly) devcontainers with no issues.

did you hand-craft your .devcontainer.json or did you use the template from this repository?

I started from the files generated by the devcontainer plugin for vscode pulling in your template but then made minor changes. Specifically, I

• moved the .devcontainer.json file to .devcontainer/devcontainer.json
• Moved the Dockerfile to .devcontainer/
• Replaced the rather long Dockerfile with a single FROM ghcr.io/jmuchovej/devcontainers/latex:2024
• Updated .devcontainer/devcontainer.json to build from the Dockerfile rather than specify an image
• Removed the docker-bake.hcl file

but i would not be surprised if there's a need to ensure that the vscode user owns, for instance, the TEXDIR and the like

Please be aware that chowning the repos files to the vscode user is not a good idea. This would fix the permissions inside the container and break permissions outside it.

there are plenty of devcontainers which i use that are based on mcr.microsoft.com/devcontainers/base:noble (like this one is) without permissions issues

Actually, this is an active issue for these images as well:

devcontainers/images#1056

[jmuchovej]

ahh – i didn't see this PR when i was looking through devcontainers/images. thanks for the link! devcontainers/images#1170 (just so we have it tracked here.)

given this is really an upstream issue, i'll keep an eye on when they accept the PR and rebuild these devcontainers once they do! (i don't think it's ideal to track these kinds of patches here, unless it turns ou the PR is going to take a while to be accepted (e.g., more than another week or so).

---

but i would not be surprised if there's a need to ensure that the vscode user owns, for instance, the TEXDIR and the like

Please be aware that chowning the repos files to the vscode user is not a good idea. This would fix the permissions inside the container and break permissions outside it.

hmm? the directories i was referring to were system directories, like the TeXLive installation site. i wasn't referring to your mounted directories.

---

i see now that the permissions issue has been non-existent for me because i typically work with macOS, which does UID/GID remapping differently than linux.

[jmuchovej]

in the meantime, for folks who might come here – the temporary fix appears to be:

1. create a local Dockerfile with the contents below.
2. update your devcontainer.json file to build from this Dockerfile, rather than pulling this image directly.

FROM ghcr.io/jmuchovej/devcontainers/latex:2024

# Source: https://github.com/devcontainers/images/issues/1056#issuecomment-2160102633
RUN userdel -r ubuntu; usermod -u 1000 vscode; groupmod -g 1000 vscode

@FelixZY can you confirm that this works, locally?

[jmuchovej]

The PR mentioned in #23 (comment) just got accepted, so I should be able to trigger a rebuild of the LaTeX 2024 container within the week.