Hello. I have just started learning Linux and Docker. My goal is to set up a non-root development environment with rootless Docker on a remote Ubuntu machine. I tried to get it done myself, but it’s been a nightmare for almost a week. I followed these guides:
Basic Information
Local machine
- User name: heston-pablo
- Host name: laptop
- OS: Windows 11 Home 23H2
- Editor: VS Code 1.93.1
- Terminal: Git bash
heston-pablo@laptop MINGW64 ~
$ cat ~/.ssh/config
Host desktop
Hostname 192.168.35.79
User heston-pablo
Port 49761
AddKeysToAgent yes
IdentityFile ~/.ssh/id_ed25519
ForwardAgent yes
Remote machine
- User name: heston-pablo
- Host name: desktop
- OS: Ubuntu 24.04.1
- Docker: Docker Engine 27.2.1
heston-pablo@desktop:~$ id -u
1000
heston-pablo@desktop:~$ whoami
heston-pablo
heston-pablo@desktop:~$ grep ^$(whoami): /etc/subuid
heston-pablo:100000:65536
heston-pablo@desktop:~$ grep ^$(whoami): /etc/subgid
heston-pablo:100000:65536
heston-pablo@desktop:~$ systemctl status docker
○ docker.service - Docker Application Container Engine
Loaded: loaded (/usr/lib/systemd/system/docker.service; disabled; preset: enabled)
Active: inactive (dead)
TriggeredBy: ○ docker.socket
Docs: https://docs.docker.com
heston-pablo@desktop:~$ systemctl --user status docker
● docker.service - Docker Application Container Engine (Rootless)
Loaded: loaded (/home/heston-pablo/.config/systemd/user/docker.service; enabled; preset: enabled)
Active: active (running) since Tue 2024-09-17 17:42:53 KST; 1h 57min ago
Docs: https://docs.docker.com/go/rootless/
Main PID: 1369 (rootlesskit)
Tasks: 53
Memory: 139.6M (peak: 142.5M)
CPU: 5.071s
CGroup: /user.slice/user-1000.slice/user@1000.service/app.slice/docker.service
├─1369 rootlesskit --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4netns>
├─1405 /proc/self/exe --state-dir=/run/user/1000/dockerd-rootless --net=slirp4netns --mtu=65520 --slirp4ne>
├─1438 slirp4netns --mtu 65520 -r 3 --disable-host-loopback --enable-sandbox --enable-seccomp 1405 tap0
├─1464 dockerd
└─1605 containerd --config /run/user/1000/docker/containerd/containerd.toml
What I did
- Open git bash on local
- Open VS Code with the `code` command
- Connect to the host using the Remote - SSH extension
- Open the `~/repos` directory
- Create the `test-container` directory
- Create `.devcontainer/devcontainer.json`
// devcontainer.json
{
  "name": "Node.js & TypeScript",
  "image": "mcr.microsoft.com/devcontainers/typescript-node:1-22-bookworm"
}
- Dev Containers: Open Folders in Container
Problem
While the `/workspaces` directory is created by `root`, I am a non-root user `node`. So I cannot create or edit inside the initial `/workspaces/test-container` directory.
node ➜ /workspaces/test-container $ id
uid=1000(node) gid=1000(node) groups=1000(node),998(nvm),999(npm)
node ➜ /workspaces/test-container $ ls -al
total 12
drwxrwxr-x 3 root root 4096 Sep 17 11:00 .
drwxr-xr-x 3 root root 4096 Sep 17 11:03 ..
drwxrwxr-x 2 root root 4096 Sep 17 11:00 .devcontainer
node ➜ /workspaces/test-container $ cd ~
node ➜ ~ $ ls -al
total 68
drwxr-xr-x 1 node node 4096 Sep 17 11:03 .
drwxr-xr-x 1 root root 4096 Sep 5 00:15 ..
-rw-r--r-- 1 node node 220 Mar 29 19:40 .bash_logout
-rw-r--r-- 1 node node 5640 Sep 12 18:01 .bashrc
drwxr-xr-x 3 node node 4096 Sep 17 11:03 .cache
drwxr-xr-x 1 node node 4096 Sep 17 11:03 .config
drwxr-xr-x 3 node node 4096 Sep 17 11:03 .dotnet
-rw-r--r-- 1 node node 263 Sep 17 11:03 .gitconfig
drwx------ 2 node node 4096 Sep 17 11:03 .gnupg
drwxrwxr-x 1 node node 4096 Sep 12 18:01 .npm
drwxr-xr-x 12 node node 4096 Sep 12 18:01 .oh-my-zsh
-rw-r--r-- 1 node node 807 Mar 29 19:40 .profile
drwxr-xr-x 2 node node 4096 Sep 17 11:03 .ssh
drwxr-xr-x 6 node node 4096 Sep 17 11:03 .vscode-server
-rw-r--r-- 1 node node 22 Sep 12 18:01 .zprofile
-rw-r--r-- 1 node node 4033 Sep 12 18:01 .zshrc
After reading tons of articles, docs, and other resources, I’ve come to roughly understand namespaces, UID/GID, remapping, etc. But I don’t understand the reasoning behind certain aspects.
Does Docker assume that I would want to be a `root` user inside a devcontainer when I start a new one? Why does it create `/workspaces` with the `root` user and place me inside `/workspaces/test-container` by default, rather than the user’s `~/` directory where I can do what I want? Is “non-root user on rootless Docker” a minor approach?
And why can’t I use `docker` inside a devcontainer? Should I expose a host’s Docker socket to the devcontainer or just go for Docker-in-Docker?
Please let me know if you need more information.
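A worked illustration of the UID remapping the post mentions, added here as an example and not part of the original question or of Docker's own tooling: it takes the `/etc/subuid` line and the host UID shown above and translates UIDs in both directions the way rootless Docker's user namespace does (the host user's own UID becomes container UID 0, the subordinate range becomes container UIDs 1 and up). The mapping layout is an assumption drawn from rootless Docker's documented default; the names and numbers are the post's, and the function names are made up for this example.

```bash
#!/usr/bin/env sh
# Added example, not code from the original post: UID translation across the
# rootless Docker user namespace. Assumes the mapping layout rootless Docker
# sets up by default: the host user's own UID becomes UID 0 in the container,
# and the subordinate range from /etc/subuid becomes container UIDs 1..count.

# Sample values copied from the post's shell output (constructed input for
# this example; on a real host read them from `id -u` and /etc/subuid).
HOST_UID=1000
SUBUID_LINE="heston-pablo:100000:65536"

# Split "user:start:count" into the two numbers we need.
subuid_start() { v=${SUBUID_LINE#*:}; echo "${v%%:*}"; }
subuid_count() { echo "${SUBUID_LINE##*:}"; }

# container_to_host CONTAINER_UID -> the host UID that really owns the files
container_to_host() {
  cuid=$1
  start=$(subuid_start); count=$(subuid_count)
  if [ "$cuid" -eq 0 ]; then
    echo "$HOST_UID"                      # container root is the host user
  elif [ "$cuid" -ge 1 ] && [ "$cuid" -le "$count" ]; then
    echo $((start + cuid - 1))            # 1..count -> subordinate range
  else
    echo "unmapped"                       # outside the namespace mapping
  fi
}

# host_to_container HOST_UID -> the UID the container sees on a bind-mounted file
host_to_container() {
  huid=$1
  start=$(subuid_start); count=$(subuid_count)
  if [ "$huid" -eq "$HOST_UID" ]; then
    echo 0
  elif [ "$huid" -ge "$start" ] && [ "$huid" -lt $((start + count)) ]; then
    echo $((huid - start + 1))
  else
    echo "unmapped"                       # appears as nobody (65534) in the container
  fi
}

# Explain the post's listing: ~/repos/test-container is owned by host UID 1000,
# so inside the container it is owned by UID 0 (root), while the image's
# `node` user (container UID 1000) is really a different host identity.
explain() {
  echo "host UID $HOST_UID (owner of ~/repos/test-container) -> container UID $(host_to_container "$HOST_UID")"
  echo "container UID 1000 (node) -> host UID $(container_to_host 1000)"
  echo "host UID 500 (some other host account) -> container UID $(host_to_container 500)"
}

explain
```

Running it shows the ownership seen in the `ls -al` output above: the directory owned by the host user is root-owned inside the container, and the image's `node` user corresponds to host UID 100999, a separate identity that can only write where the mode bits permit. The same translation can be checked on a live container by reading `/proc/self/uid_map` inside it, which lists exactly these ranges.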