YoctoProject: change ownership of all files in a recipe - yocto

For the YoctoProject (v2.0, Jethro) the ownership of files inside the image defaults to user and group root unless I explicitly change them with chown and chgrp in the do_install step for the given recipe.
I have a few recipes for which all files should be owned by another group and user than root. Is there a (cleaner/smarter) way to achieve this without calling chown and chgrp in do_install?

BSP vendors usually provide example recipes to solve basic tasks.
Usually the folder is called "recipes-skeleton".
Sample path of the user/group add recipe for the Freescale BSP:
~/yocto/fsl-community-bsp/sources/poky/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
The same can be found on GitHub:
https://github.com/dirtybit/gumstix-yocto/blob/master/meta-skeleton/recipes-skeleton/useradd/useradd-example.bb
To change root user info, look up the EXTRA_USERS_PARAMS flag. You need to inherit the "extrausers" class first. Documentation on the class is at:
http://www.yoctoproject.org/docs/current/mega-manual/mega-manual.html#ref-classes-extrausers

You can easily add users by adding the following to your recipe:
inherit extrausers
EXTRA_USERS_PARAMS = " useradd user1; \
useradd user2; \
useradd user3; \
usermod -p 'user1_psw' user1; \
usermod -p 'user2_psw' user2; \
usermod -p 'user3_psw' user3;\
usermod -a -G sudo user1; \
usermod -a -G sudo user2; \
usermod -a -G sudo user3; "

Related

VS Code Remote-Containers: cannot create directory ‘/home/appuser’:

I'm trying to use the Remote - Containers extension for Visual Studio Code, but when I "Open Folder in Container", I get this error:
Run: docker exec 0d0c1eac6f38b81566757786f853d6f6a4f3a836c15ca7ed3a3aaf29b9faab14 /bin/sh -c set -o noclobber ; mkdir -p '/home/appuser/.vscode-server/data/Machine' && { > '/home/appuser/.vscode-server/data/Machine/.writeMachineSettingsMarker' ; } 2> /dev/null
mkdir: cannot create directory ‘/home/appuser’: Permission denied
My Dockerfile uses:
FROM python:3.7-slim
...
RUN useradd -ms /bin/bash appuser
USER appuser
I've also tried:
RUN adduser -D appuser
RUN groupadd -g 999 appuser && \
useradd -r -u 999 -g appuser appuser
USER appuser
Both of these work if I build them directly. How do I get this to work?
What works for me is to create a non-root user in my Dockerfile and then configure the VS Code dev container to use that user.
Step 1. Create the non-root user in your Docker image
ARG USER_ID=1000
ARG GROUP_ID=1000
RUN groupadd --system --gid ${GROUP_ID} MY_GROUP && \
useradd --system --uid ${USER_ID} --gid MY_GROUP --home /home/MY_USER --shell /sbin/nologin MY_USER
Step 2. Configure .devcontainer/devcontainer.json file in the root of your project (should be created when you start remote dev)
"remoteUser": "MY_USER" <-- this is the setting you want to update
If you use docker compose, it's possible to configure VS Code to run the entire container as the non-root user by configuring .devcontainer/docker-compose.yml, but I've been happy with the process described above so I haven't experimented further.
You might get some additional insight by reading through the VS Code docs on this topic.
Go into your WSL2 and check what your local (non-root) UID is using the command id.
In my case it is UID=1000(ubuntu).
Change your Dockerfile to something like this:
# For more information, please refer to https://aka.ms/vscode-docker-python
FROM python:3.8-slim-buster
# Keeps Python from generating .pyc files in the container
ENV PYTHONDONTWRITEBYTECODE=1
# Turns off buffering for easier container logging
ENV PYTHONUNBUFFERED=1
# Install pip requirements
COPY requirements.txt .
RUN python -m pip install -r requirements.txt
WORKDIR /home/ubuntu
COPY . /home/ubuntu
# Creates a non-root user with the host user's UID and gives it ownership of /home/ubuntu
# For more info, please refer to https://aka.ms/vscode-docker-python-configure-containers
RUN useradd -u 1000 ubuntu && chown -R ubuntu /home/ubuntu
USER ubuntu
# During debugging, this entry point will be overridden. For more information, please refer to https://aka.ms/vscode-docker-python-debug
CMD ["python", "app.py"]

Yocto Warrior Cannot Set Password for root or other users

I am using the meta-tegra warrior branch layer to build an sd card image for the Nvidia Jetson Nano. The image completes and the board boots, but I cannot log in if I try to set any kind of password in Yocto. I've tried creating users other than root and setting their passwords, but the same problem occurs where I cannot log in.
If I leave "debug-tweaks" enabled, and do not attempt to modify the root password at all, I can successfully log in without a password.
I am using warrior branch for OE and haven't modified other layers. How can I set a password for root?
Here are my local.conf password related lines:
# Password Stuff
INHERIT += "extrausers"
#EXTRA_IMAGE_FEATURES = "debug-tweaks"
EXTRA_USERS_PARAMS = "usermod -P mypassword123 root; "
EXTRA_USERS_PARAMS = " useradd testing; \
useradd mts; \
usermod -p 'testing12345' testing; \
usermod -p 'comp12345' comp; \
usermod with -p (minus p) needs a hash generated by the openssl passwd command, so you need to set the Yocto variable as follows:
EXTRA_USERS_PARAMS = "usermod -p $(openssl passwd <some_password>) root;"
If you want to append something to a BitBake variable, you need to use the _append or += operators, i.e.:
EXTRA_USERS_PARAMS_append = " useradd testing;"
EXTRA_USERS_PARAMS_append = " useradd mts;"
...
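The two problems named in the answer above (a value passed to -p that is not a hash, and a second "=" that replaces the earlier EXTRA_USERS_PARAMS) can be caught before a build with a small check. This is an added example, not part of the original posts or of Yocto; lint_extra_users, SAMPLE_CONF and the sample hash are constructed for illustration, and the check also flags -P because it keeps the password in clear text in the configuration.

```python
import re
import shlex

# Constructed local.conf fragment modelled on the question above (no real credentials).
SAMPLE_CONF = r'''
INHERIT += "extrausers"
EXTRA_USERS_PARAMS = "usermod -P mypassword123 root; "
EXTRA_USERS_PARAMS = " useradd testing; \
usermod -p 'testing12345' testing; \
usermod -p '\$6\$c0nstructedSalt\$Zm9vYmFyYmF6cXV4' mts; "
'''

# Old-style BitBake assignment (name, operator, quoted value) on one logical line.
ASSIGN_RE = re.compile(r'^(EXTRA_USERS_PARAMS\w*)\s*([+:?.]?=[+.]?)\s*"(.*)"\s*$')
# crypt(3) modular format "$id$salt$hash"; each "$" may be backslash-escaped.
CRYPT_RE = re.compile(r'^\\?\$[0-9a-z]+\\?\$.+\\?\$.+$')


def lint_extra_users(conf_text):
    """Return a list of (kind, detail) findings for EXTRA_USERS_PARAMS usage."""
    findings, plain_assignments = [], 0
    # Join line continuations, then inspect each logical line.
    for line in conf_text.replace("\\\n", " ").splitlines():
        m = ASSIGN_RE.match(line.strip())
        if not m:
            continue
        name, op, value = m.groups()
        if name == "EXTRA_USERS_PARAMS" and op == "=":
            plain_assignments += 1
            if plain_assignments > 1:
                findings.append(("overwrite", "'=' discards the earlier value"))
        for command in value.split(";"):
            words = shlex.split(command)
            for opt, arg in zip(words, words[1:]):
                if opt == "-P":
                    # Clear-text password stored in the build configuration.
                    findings.append(("cleartext", f"{words[0]} -P for {words[-1]}"))
                elif opt == "-p" and not arg.startswith("$(") and not CRYPT_RE.match(arg):
                    # -p expects an already-hashed value; "$(...)" is computed later.
                    findings.append(("not-a-hash", f"{words[0]} -p for {words[-1]}"))
    return findings


if __name__ == "__main__":
    for kind, detail in lint_extra_users(SAMPLE_CONF):
        print(f"{kind}: {detail}")
```

The hash test is a format heuristic only: it accepts any $id$salt$hash string and reports legacy 13-character DES hashes as "not-a-hash".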

Set new user permissions in Yocto recipe

I have a recipe to add a user called foo:
inherit useradd
USERADD_PACKAGES = "${PN}"
USERADD_PARAM_${PN} = "-P foo -u 1000 -d /home/foo -r -s /bin/bash foo;"
LICENSE = "CLOSED"
do_install () {
install -d ${D}/data/docker
install -d ${D}/home/foo
chown -R foo ${D}/home/foo
chown -R foo ${D}/data/docker
}
FILES_${PN} = " \
/home/foo \
/data \
"
For an obscure reason, data/docker is owned by foo but not /home/foo. Any idea why?
Actually, you don't need to install /home/foo (nor chown it) since that task should already be accomplished by useradd, so you can remove those commands. However, you might want to modify your recipe as follows:
do_install () {
install -d -m 755 ${D}${datadir}/foo
install -d -m 755 ${D}/data/docker
chown -R foo ${D}${datadir}/foo
chown -R foo ${D}/data/docker
}
FILES_${PN} = "${datadir}/foo/* /data/docker/*"
So the reason was that another recipe was creating a subfolder in the home directory first, and it was owned by root by default.
When the recipe to add the user was baked, the home folder was already created with root permissions.
My solution was to add the creation of this folder in the recipe adding the user instead.
Thanks @danior for the corrections

Yocto: Add custom user to custom group

I have created a custom group, e.g. "grp1", in my application recipe, say "app.bb".
GROUPADD_PARAM_${PN} = "grp1"
I am trying to add my custom user, e.g. "user1", to this group "grp1" in "space.bb".
USERADD_PARAM_${PN} = "-d ${localstatedir}/lib/space/ -s /bin/false -G grp1 -U user1"
The useradd command failed: "useradd: group 'grp1' does not exist".
I have also tried adding DEPENDS_${PN} = "app" in space.bb, but it doesn't help.
How can I add my custom user to my custom group in a BitBake recipe?
Another possible cause of this error is that some recipe is using
inherit extrausers
instead of
inherit useradd
and adding the same group grp1 with the help of
EXTRA_USERS_PARAMS = "\
useradd -p '' grp1; \
groupadd grp1; \
"
instead of the classical
GROUPADD_PARAM_libAPP = "grp1"
USERADD_PARAM_libAPP = "--no-create-home --home /var/tmp --shell /bin/nologin --gid grp1 grp1"
This will cause a duplication of group grp1 and failure of the useradd command.

Yocto Jethro: how do I add user to sudoers list

I added a new user as follows
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;"
I am trying to find out how to add users to the sudoers list. Is there a class like extrausers?
Update-1:
In class classes/extrausers.bbclass I see usermod supported. Will the following work?
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P p#ssW0rd user1;\
usermod -aG sudo user1"
Update-2:
I tried adding IMAGE_INSTALL_append += " sudo " and
inherit extrausers
EXTRA_USERS_PARAMS = "useradd -P foobar -G sudo user1;"
But that does not help me in achieving the effect of adding user1 to the sudoers list. I see the following error when I run sudo -v:
Sorry, user user1 may not run sudo on <machine-name>.
Update-3:
I found that the sudoers file has the sudo group commented as follows:
# %sudo ALL=(ALL) ALL
That is why even adding user1 to group sudo didn't help.
Rather than adding user1 to group sudo, I adopted the approach of adding a drop-in file under /etc/sudoers.d/0001_user1 using recipes-extended/sudo/sudo_1.8.14p3.bbappend
do_install_append () {
echo "user1 ALL=(ALL) ALL" > ${D}${sysconfdir}/sudoers.d/001_first
}
Now I need help in understanding which of the following is the better approach in terms of security:
uncomment sudo line in /etc/sudoers and adding user1 to /etc/sudoers
adding user1 in /etc/sudoers.d/001_first
So there are two approaches to add a user with sudo capability:
Add user to sudo group and enable sudo group in /etc/sudoers
Create a file under ${D}${sysconfdir}/sudoers.d/ and add the sudo rule for user there.
Now which approach is suitable for your distro is well answered in /etc/sudoers vs /etc/sudoers.d/ file for enabling sudo for a user