How to fix "groupadd: GID '999' already exists"?

General Discussions
1

Hello,
I tried to build a Docker image for OpenShift Platform, but it’s failed. I need to run the container as a non-root user. I added in my docker file following commands

USER root
RUN groupadd -g 999 application && \
useradd -r -u 999 -g application application
USER application

But I’m getting the following error message:

The command ‘/bin/sh -c groupadd -g 999 application && useradd -r -u 999 -g application application’ returned a non-zero code: 4

How can I fix it ?

Thanks.

Sending build context to Docker daemon 307.1MB
Step 1/12 : FROM centos:7
—> 67fa590cfc1c
Step 2/12 : RUN yum install -y which dejavu* && ln -s /usr/share/fonts/dejavu /usr/share/fonts/dejavu-lgc
—> Using cache
—> eefd9713e496
Step 3/12 : COPY ga*_linux_x64.sh ga_linux_x64.sh
—> Using cache
—> d4282bf2e14a
Step 4/12 : COPY entrypoint.sh /usr/bin/
—> Using cache
—> e8d68c5399dc
Step 5/12 : RUN chmod ugo+x ga_linux_x64.sh /usr/bin/entrypoint.sh
—> Using cache
—> 1d1b2a6e1309
Step 6/12 : RUN ./ga_linux_x64.sh -q -Vgoanywhere.sftpPort=8022 -Vgoanywhere.httpsPort=8443 -Vgoanywhere.ftpPort=8021 -Vgoanywhere.ftpsPort=8990
—> Using cache
—> 2003a14584f0
Step 7/12 : RUN set -x && chmod g+rx /usr/local/HelpSystems/GoAnywhere/jre/bin/java
—> Using cache
—> 52e348ead12e
Step 8/12 : EXPOSE 8000 8001 8005 8006 8009 8010 8443 8021 8990 8022
—> Using cache
—> 6bf72f591630
Step 9/12 : USER root
—> Using cache
—> 22b714efd204
Step 10/12 : RUN groupadd -g 999 application && useradd -r -u 999 -g application application
—> Running in 3f401d7cd630
groupadd: GID ‘999’ already exists
The command ‘/bin/sh -c groupadd -g 999 application && useradd -r -u 999 -g application application’ returned a non-zero code: 4

2

Change the 999 to 1000 or 1001?

3

seconded to use a different group number. the error message is clear, and is consistent with the man pages error numbers returned from the linux groupadd command…that is, whatever OS image you are using (you don’t show a FROM line) has an existing group with the number 999, or somehow protects it.

If you’d like to find out what that group number is actually used for, you’d need to start a container using the same base image as for the sample you’ve shown, exec into the container (or start it with the interactive and tty flags), and check the contents of the group file. you could also try the command as written inside the container and see if the behavior is the same or different.

4

For me

docker run --rm centos:7 grep 999 /etc/group

answers with

input:x:999:

So there is a default group 999 in centos.