What do I have:
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update -y \
    && apt install -y --no-install-recommends \
    sudo \
    && adduser --disabled-password --gecos "" --uid 1000 runner \
    && groupadd docker \
    && usermod -aG sudo runner \
    && usermod -aG docker runner \
    && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
USER runner
RUN sudo usermod -u 1001 runner && sudo groupmod -g 121 runner
Building this Dockerfile results in an error:
sudo: you do not exist in the passwd database
If I split the last RUN into two RUNs, there is no error:
FROM ubuntu:20.04
ENV DEBIAN_FRONTEND=noninteractive
RUN apt update -y \
    && apt install -y --no-install-recommends \
    sudo \
    && adduser --disabled-password --gecos "" --uid 1000 runner \
    && groupadd docker \
    && usermod -aG sudo runner \
    && usermod -aG docker runner \
    && echo "%sudo ALL=(ALL:ALL) NOPASSWD:ALL" > /etc/sudoers
USER runner
RUN sudo usermod -u 1001 runner
RUN sudo groupmod -g 121 runner
Why is this happening?
1 Answer
In RUN sudo usermod -u 1001 runner && sudo groupmod -g 121 runner, Docker starts an sh process as the runner user, that runs these commands. The first command changes the UID of that user. But the sh process still uses the old ID, and so, when it tries to run the second command, it is trying to run sudo with a UID that no longer exists in the passwd database. When you split them into two RUN commands, Docker starts a new sh process for the second RUN, which uses the new UID.
I don't have a solution for this, since I don't know why you're doing something like this. I'd advise against randomly changing UIDs of a user while still running processes as that user. sudo isn't the only tool that won't like it.
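The mechanism described in the answer, modeled as an added example (not part of the original question or answer): sudo looks up the calling process's UID in passwd, while each new RUN resolves the name runner to whatever UID passwd holds at that moment. The function names and the two-line passwd file are constructed for illustration, and the script works on a temporary copy, not the real /etc/passwd.

```shell
#!/bin/sh
# Model of the two lookups involved, run against a constructed passwd file
# (not the real /etc/passwd), so neither root nor Docker is needed.

# name_for_uid FILE UID: what sudo needs, the passwd entry for the caller's UID.
name_for_uid() {
    awk -F: -v uid="$2" '$3 == uid { print $1; found = 1; exit } END { exit !found }' "$1"
}

# uid_for_name FILE NAME: what a new RUN step needs to start sh under "USER runner".
uid_for_name() {
    awk -F: -v name="$2" '$1 == name { print $3; found = 1; exit } END { exit !found }' "$1"
}

# apply_usermod_u FILE NAME NEWUID: rewrite field 3 of NAME's entry, like usermod -u.
apply_usermod_u() {
    awk -F: -v OFS=: -v name="$2" -v uid="$3" '$1 == name { $3 = uid } { print }' "$1" > "$1.new" \
        && mv "$1.new" "$1"
}

# sudo_check FILE UID: outcome for a process running with this UID.
sudo_check() {
    if name=$(name_for_uid "$1" "$2"); then
        echo "ok: uid $2 is $name"
    else
        echo "sudo: you do not exist in the passwd database"
        return 1
    fi
}

demo() {
    passwd_file=$(mktemp)
    # Constructed sample entries matching the Dockerfile in the question.
    printf '%s\n' 'root:x:0:0:root:/root:/bin/bash' \
                  'runner:x:1000:1000::/home/runner:/bin/bash' > "$passwd_file"
    shell_uid=$(uid_for_name "$passwd_file" runner)   # sh for this RUN starts as 1000
    sudo_check "$passwd_file" "$shell_uid"            # first sudo: ok
    apply_usermod_u "$passwd_file" runner 1001        # effect of: sudo usermod -u 1001 runner
    sudo_check "$passwd_file" "$shell_uid" || true    # second sudo, same sh, still 1000: fails
    next_uid=$(uid_for_name "$passwd_file" runner)    # a new RUN resolves the name again
    sudo_check "$passwd_file" "$next_uid"             # ok, now under 1001
    rm -f "$passwd_file"
}

demo
```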