useradd with -u option causes docker to hang

Question

I have the following docker file

FROM ubuntu:18.04

ARG user_id
ARG user_gid

# Essential packages for building on a Ubuntu host
# https://docs.yoctoproject.org/ref-manual/system-requirements.html#ubuntu-and-debian
# Note, we set DEBIAN_FRONTEND=noninteractive prior to the call to apt-get
# install because otherwise we'll get prompted to select a timezone when the
# tzdata package gets included as a dependency.
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y    \
    gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential \
    chrpath socat cpio python3 python3-pip python3-pexpect xz-utils        \
    debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa       \
    libsdl1.2-dev pylint3 xterm python3-subunit mesa-common-dev sudo

# Add a user and set them up for passwordless sudo. We're using the same user
# ID and group numbers as the host system. This allows us to give the yocto
# user ownership of files and directories in the poky volume we're going to add
# without needing to change ownership which would also affect the host system.
RUN groupadd -g $user_gid yoctouser
RUN useradd -m yoctouser -u $user_id -g $user_gid
    #echo "yoctouser ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers

USER yoctouser
WORKDIR /home/yoctouser

ENV LANG=en_US.UTF-8

CMD /bin/bash

The useradd command is hanging, and specifically the -u option is the issue. If I remove -u $user_id everything works fine. Furthermore, docker is filling up my disk. /var/lib/docker/overlay2/ goes from being 852MB before adding the -u option to gigabytes after just a few seconds. If I don't kill it, it entirely fills up my disk and I end up having to stop the docker daemon and manually remove folders inside of the overlay2 directory.

Why might specifying this uid be an issue?

Here is the relevant section of a python script I wrote to drive this so you can see how I'm getting the user ID and passing it to docker build.

def build_docker_image():
    print("Building a docker image named:", DOCKER_IMAGE_NAME)
    USERID_ARG  = "user_id=" + str(os.getuid())
    USERGID_ARG = "user_gid=" + str(os.getgid())
    print(USERID_ARG)
    print(USERGID_ARG)
    try:
        subprocess.check_call(['docker', 'build',
                               '--build-arg', USERID_ARG,
                               '--build-arg', USERGID_ARG,
                               '-t', DOCKER_IMAGE_NAME, '.',
                               '-f', DOCKERFILE_NAME])
    except:
        print("Failed to create the docker image")
        sys.exit(1)

FWIW, on my system

user_id=1666422094
user_gid=1666400513

I am running Docker version 20.10.5, build 55c4c88 on a Ubuntu 18.04 host.

Answer 1

I need to use the -l / --no-log-init option when calling useradd to workaround a bug in docker relating to how large UIDs are handled.

My final dockerfile looks like

FROM ubuntu:18.04

ARG user_id
ARG user_gid

# Essential packages for building on a Ubuntu host
# https://docs.yoctoproject.org/ref-manual/system-requirements.html#ubuntu-and-debian
# Note, we set DEBIAN_FRONTEND=noninteractive prior to the call to apt-get
# install because otherwise we'll get prompted to select a timezone when the
# tzdata package gets included as a dependency.
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get install -y    \
    gawk wget git-core diffstat unzip texinfo gcc-multilib build-essential \
    chrpath socat cpio python3 python3-pip python3-pexpect xz-utils        \
    debianutils iputils-ping python3-git python3-jinja2 libegl1-mesa       \
    libsdl1.2-dev pylint3 xterm python3-subunit mesa-common-dev

# Set up locales
RUN apt-get install -y locales
RUN dpkg-reconfigure locales && \
    locale-gen en_US.UTF-8 &&   \
    update-locale LC_ALL=en_US.UTF-8 LANG=en_US.UTF-8
ENV LC_ALL=en_US.UTF-8
ENV LANG=en_US.UTF-8
ENV LANGUAGE=en_US.UTF-8

# Add a user and set them up for passwordless sudo. We're using the same user
# ID and group numbers as the host system. This allows us to give the yocto
# user ownership of files and directories in the poky mount we're going to add
# without needing to change ownership which would also affect the host system.
# Note the use of the --no-log-init option for useradd. This is a workaround to
# [a bug](https://github.com/moby/moby/issues/5419) relating to how large UIDs
# are handled.
RUN apt-get install -y sudo &&                                           \
    groupadd --gid ${user_gid} yoctouser &&                              \
    useradd --create-home --no-log-init --uid ${user_id} --gid yoctouser \
        yoctouser &&                                                     \
    echo "yoctouser ALL=(ALL:ALL) NOPASSWD:ALL" | tee -a /etc/sudoers

USER yoctouser
WORKDIR /home/yoctouser

CMD ["/bin/bash"]