Docker daemon access within Docker as non-root user: Permission denied while trying to connect to Docker daemon socket

This is a strange problem that I cannot figure out.

My user outside the container is in the docker group; when I mount passwd/group/sudoers etc. into the container and directly launch with my host uid/gid inside the container, I am not part of the docker group.

sudo usermod -aG docker $USER

# Will not work
docker run \
    --rm -it \
    -u $(id -u):$(id -g) \
    --volume \
    /etc/sudoers:/etc/sudoers:ro \
    --volume \
    /etc/group:/etc/group:ro \
    --volume \
    /etc/passwd:/etc/passwd:ro \
    --volume \
    /etc/shadow:/etc/shadow:ro \
    --volume \
    /etc/sudoers.d:/etc/sudoers.d:ro \
    --volume \
    /usr/bin/docker:/usr/bin/docker \
    --volume \
    /var/run/docker.sock:/var/run/docker.sock \
    ubuntu:18.04 \
    docker ps

However, when I launch into the container and switch to that user, it seems to work.

# Type docker ps at prompt, works
docker run \
    --rm -it \
    --volume \
    /etc/sudoers:/etc/sudoers:ro \
    --volume \
    /etc/group:/etc/group:ro \
    --volume \
    /etc/passwd:/etc/passwd:ro \
    --volume \
    /etc/shadow:/etc/shadow:ro \
    --volume \
    /etc/sudoers.d:/etc/sudoers.d:ro \
    --volume \
    /usr/bin/docker:/usr/bin/docker \
    --volume \
    /var/run/docker.sock:/var/run/docker.sock \
    ubuntu:18.04 \
    su "$USER" -s /bin/bash

I seem to recall the former working previously. Is there a way to use docker as a non-root user inside the container?

I don’t understand why you bind-mount all these directories … doesn’t make much sense …
On top you try to execute a “docker ps” tailed to the “docker run …” command … which should fail (except your container itself is also running docker 🧐). This command will list all running containers, not processes, and certainly not any user credentials.
The second line will launch a container, execute a sudo, pop up a bash and die instantly afterwards …

It’s not a good idea anyway to use any host credentials directly inside a container. A container is meant to run autonomously from its host (more or less).

Please explain what you’re trying to achieve. Why do you need all these files inside the container?

There are two reasons why I am mounting those directories.

One:
I’m sharing my user credentials with the container to access the X server to run a gui based app, and running as a non-root user in the container. See the following link for motivation:

https://wiki.ros.org/docker/Tutorials/GUI

Two:
I am not trying to run “docker within docker”, but rather allow the container access to the host docker daemon, to allow a container to start a second container on the host (not within the container). See the following link:

https://jpetazzo.github.io/2015/09/03/do-not-use-docker-in-docker-for-ci/

That is the purpose of mounting

    --volume \
    /usr/bin/docker:/usr/bin/docker \
    --volume \
    /var/run/docker.sock:/var/run/docker.sock \

However, the example above executes the call to the docker daemon as root. Forwarding in your host credentials:

    --volume \
    /etc/sudoers:/etc/sudoers:ro \
    --volume \
    /etc/group:/etc/group:ro \
    --volume \
    /etc/passwd:/etc/passwd:ro \
    --volume \
    /etc/shadow:/etc/shadow:ro \
    --volume \
    /etc/sudoers.d:/etc/sudoers.d:ro \

should allow running the host uid/gid within the container, and therefore give access to the docker daemon (which it does in the second example I posted above).
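Added example, not from any poster in this thread: a POSIX sh preflight that resolves the socket's owning group, checks whether the user already carries that GID, and builds the `docker run` flags that grant it. It assumes the group is named docker and the socket lives at /var/run/docker.sock; `--group-add` is the Docker CLI option for supplementary groups, which `-u uid:gid` alone does not set even when /etc/group is bind-mounted.

```shell
#!/bin/sh
# Preflight for handing the host docker socket to a non-root container user.
# Assumptions (not from the thread): group name "docker", socket path below.

# Print the numeric GID for group $1 from a group(5)-format file ($2, default
# /etc/group); exit 1 if the group is not present.
gid_of_group() {
    awk -F: -v n="$1" '$1 == n { print $3; found = 1 }
                       END { if (!found) exit 1 }' "${2:-/etc/group}"
}

# Succeed if GID $1 appears in the space-separated GID list $2 (e.g. `id -G`).
has_gid() {
    for g in $2; do
        [ "$g" = "$1" ] && return 0
    done
    return 1
}

# Emit the docker run flags for uid $1, primary gid $2 and socket group $3.
# -u sets only uid and primary gid, so the socket group must be added here.
run_user_flags() {
    printf -- '-u %s:%s --group-add %s' "$1" "$2" "$3"
}

main() {
    tmp=$(mktemp)
    printf 'root:x:0:\ndocker:x:999:alice\n' > "$tmp"   # constructed sample
    gid=$(gid_of_group docker "$tmp")
    rm -f "$tmp"
    echo "sample docker gid: $gid"
    echo "sample flags: $(run_user_flags 1000 1000 "$gid")"

    sock=${DOCKER_SOCK:-/var/run/docker.sock}
    if [ -S "$sock" ]; then
        sock_gid=$(stat -c %g "$sock")   # GNU stat; use stat -f %g on BSD
        if has_gid "$sock_gid" "$(id -G)"; then
            echo "$(id -un) already has gid $sock_gid: socket access OK"
        else
            echo "gid $sock_gid missing; run with:" \
                 "$(run_user_flags "$(id -u)" "$(id -g)" "$sock_gid")"
        fi
    fi
}
main "$@"
```

Anyone who can write to docker.sock can ask the daemon to start a privileged container on the host, so this changes nothing about that trust boundary; it only removes the need to bind-mount /etc/shadow and the sudoers files.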

The Docker run reference says:

The developer can set a default user to run the first process with the Dockerfile USER instruction. When starting a container, the operator can override the USER instruction by passing the -u option.

The Dockerfile of the ubuntu image(s) does not declare a USER, as such the -u option has no effect.

@mjlbach I am running into this same thing. Running the same exact setup, but with docker-compose. Any luck in figuring this out?