Shubham Vaishnav

Reputation: 1720

Linux user groups missing when user mounted to container

Issue: The groups attached to a Linux user are not visible inside the container.

Workflow:

  1. Created a Docker image in which a user and group named sample:sample (8000:8000) are created.
  2. Created a container from the same Docker image and mounted the /etc/passwd file with read-only access.
Command: docker run -itd --user "8000:8000" -v /etc/passwd:/etc/passwd:ro docker_image_name:latest bash

Note: The user & group sample:sample(8000:8000) also exists on the host.

  3. The groups attached to the sample user are sample and docker, as checked on the host using the groups command.
  4. Execed into the container and ran the following commands:
Command 1: whoami
Output: sample
Command 2: id -u
Output: 8000
Command 3: id -g
Output: 8000
Command 4: groups
Output: sample

Observations:

  1. As we can see, within the container the only group attached to the sample user is sample; docker is missing.

Expected Behaviour: As the sample user is present on host as well as the container, I want the groups associated with the host user inside the container as well, i.e., I want the host user details to override the ones present in the container.

Upvotes: 1

Views: 2159

Answers (1)

Shubham Vaishnav

Reputation: 1720

The issue lies in the way Docker loads the user and group information.

Issues have already been reported to Docker, as it fails to load the additional group information stored in the /etc/groups file; so even if we mount the /etc/groups file, Docker doesn't honor it.

Hence, the solution is to associate the required groups using the --group-add option provided by Docker.

Note: The group provided must be a valid group, and it will then be associated with your user along with the already existing groups.

Upvotes: 3
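
The `--group-add` approach from the answer above, as an added example that is not part of the original post: it derives one `--group-add` flag per supplementary group of a user from a group(5)-format file, using numeric GIDs so the result does not depend on the image's own group database. The helper names `group_add_flags` and `sample_group_file`, and the GIDs 998 and 29 in the sample data, are constructed for illustration.

```shell
#!/bin/sh
# Added example: build `docker run --group-add` flags from a group(5)-format file.
# Only file-based groups are read; groups served by LDAP or other NSS sources are not seen.

# group_add_flags USER PRIMARY_GID [GROUP_FILE]   (hypothetical helper)
# Prints "--group-add GID" for every supplementary group of USER, space separated.
group_add_flags() {
    user=$1
    primary_gid=$2
    group_file=${3:-/etc/group}
    awk -F: -v u="$user" -v p="$primary_gid" '
        $3 == p { next }    # primary group is already set through --user UID:GID
        {
            n = split($4, members, ",")
            for (i = 1; i <= n; i++)
                if (members[i] == u) {
                    printf "%s--group-add %s", sep, $3
                    sep = " "
                    break
                }
        }
        END { if (sep != "") printf "\n" }
    ' "$group_file"
}

# Constructed sample data mirroring the question: sample (8000) is also in docker.
sample_group_file() {
    cat <<'EOF'
root:x:0:
docker:x:998:sample,alice
sample:x:8000:
audio:x:29:alice
EOF
}

tmp=$(mktemp)
sample_group_file > "$tmp"
flags=$(group_add_flags sample 8000 "$tmp")
rm -f "$tmp"

# Print the resulting command instead of running it.
# $flags is left unquoted on purpose so each flag becomes its own argument.
echo docker run -itd --user 8000:8000 $flags \
    -v /etc/passwd:/etc/passwd:ro docker_image_name:latest bash
```

Against a real host, call `group_add_flags sample 8000` with no third argument to read /etc/group, then check the result inside the container with `id -G`.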
