My app runs with user
vapor, who I create and add to the
dialout group in my Dockerfile like this:
RUN useradd --user-group --groups dialout --create-home --system --skel /dev/null --home-dir /app vapor
I run the image with
# docker run --env SERIAL_PORT=/dev/serial0 --device=/dev/serial0:/dev/serial0 -v /home/pi/data:/data -ti -p 8080:8080 myimage
Unfortunately, when I try to open the serial port, I get a permission denied error. At first I thought it was because the serial port is owned by
root:dialout, which is why I added the user to the
But oddly, if I log into the container and show my groups, I don’t get the
# docker exec -ti 02b9c8309d4b bash $ groups vapor
But if I log in as root and show the groups for
vapor, it does have the group:
# docker exec -ti -u 0 02b9c8309d4b bash root@02b9c8309d4b:/app# groups vapor vapor : vapor dialout
Lastly, if I try to use
--privileged instead of
--device, I get ENOENT (not found) instead (
/dev/serial0 doesn’t exist). If I try using
--privileged, I still get Permission Denied.
Needless to say, I’m very confused about what’s going on. The host is Raspbian bullseye. Note that the serial port is not a USB device, it’s the main Raspberry Pi 4 serial port (I have an RS-485 HAT that connects to it).
How do I give the user running my app membership in a group?