'How to apply Dockerfile `git config` values to a non-root user's ssh session?

I have a Dockerfile whose base layer includes git, configures git's global user.name and user.email and that starts openssh-server.

The Dockerfile is along the lines of this (simplified to remove perceived irrelevancies):

FROM debian as base
RUN apt-get update && \
    apt-get -qy full-upgrade && \
    apt-get install -qy git && \
    apt-get install -qy openssh-server && \
    sed -i 's|session    required     pam_loginuid.so|session    optional pam_loginuid.so|g' /etc/pam.d/sshd && \
    mkdir -p /var/run/sshd && \
    groupadd builders -g 1111111112 && \
    useradd -l -u 1111111111 -g 1111111112 -m -s /bin/bash bob && \
    echo "bob ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
    echo "bob:youruncle" | chpasswd && \
    git config --global user.name "bob" && \
    git config --global user.email "[email protected]"

EXPOSE 22
CMD /usr/sbin/sshd -D

When I build and run this container:

$ docker build -t tmp:tmp .
[+] Building 59.2s (6/6) FINISHED
 => [internal] load .dockerignore                                 0.1s
 => => transferring context: 2B                                   0.0s
 => [internal] load build definition from Dockerfile              0.0s
 => => transferring dockerfile: 692B                              0.0s
 => [internal] load metadata for docker.io/library/debian:latest  0.0s
 => CACHED [1/2] FROM docker.io/library/debian                    0.0s
 => [2/2] RUN apt-get update &&     apt-get -qy full-upgrade &&  55.4s
 => exporting to image                                            3.6s
 => => exporting layers                                           3.5s
 => => writing image sha256:cceaae2883b393ccb7dc0d977d846e5df1... 0.0s
 => => naming to docker.io/library/tmp:tmp                        0.0s
$ docker run tmp:tmp

...and attach to it, I see bob's expected git config:

$ docker exec -it peaceful_einstein bash
root@3ca48a22fe98:/# git config --list
user.name=bob
[email protected]
root@3ca48a22fe98:/#

...but when I ssh to the container as bob, I don't see the expected git config:

$ docker inspect -f '{{range.NetworkSettings.Networks}}{{.IPAddress}}{{end}}' peaceful_einstein
172.17.0.223
$ ssh [email protected]
The authenticity of host '172.17.0.223 (172.17.0.223)' can't be established.
ECDSA key fingerprint is SHA256:mIyf7TvG0nDSo3fWDipWGGPxFipb6THmoYt7dwtR77w.
Are you sure you want to continue connecting (yes/no)? yes
Warning: Permanently added '172.17.0.223' (ECDSA) to the list of known hosts.
[email protected]'s password:
Linux 3ca48a22fe98 4.9.0-8-amd64 #1 SMP Debian 4.9.144-3.1 (2019-02-19) x86_64

The programs included with the Debian GNU/Linux system are free software;
the exact distribution terms for each program are described in the
individual files in /usr/share/doc/*/copyright.

Debian GNU/Linux comes with ABSOLUTELY NO WARRANTY, to the extent
permitted by applicable law.
bob@3ca48a22fe98:~$ git config --list
bob@3ca48a22fe98:~$

Why isn't bob's git config info available when ssh'ing to the container?
Is there a way to make the git config statements in the Dockerfile "apply" to bob's ssh session?

gitdockerdockerfileopensshgit-config


Solution 1:[1]

Running docker exec uses the directory from the Dockerfile (the WORKDIR) unless you override it, and—more importantly in this case—the user from the -u option, or the user from the Dockerfile. (See also What's the default user for docker exec?) In your case those are / and root (uid 0).

Running ssh into a container starts a login shell, which uses the user's home directory, getting the user from the login. In this case those are bob and so, probably /home/bob.

Git uses or sets the current user's --global config, so you're getting root's configuration with docker exec and bob's with ssh.

Solution 2:[2]

I was able to use @torek's explanation to cobble together this solution that does the git config work in a USER bob "section" of the Dockerfile:

FROM debian as base
RUN apt-get update && \
    apt-get -qy full-upgrade && \
    apt-get install -qy git && \
    apt-get install -qy openssh-server && \
    sed -i 's|session    required     pam_loginuid.so|session    optional pam_loginuid.so|g' /etc/pam.d/sshd && \
    mkdir -p /var/run/sshd && \
    groupadd builders -g 1111111112 && \
    useradd -l -u 1111111111 -g 1111111112 -m -s /bin/bash bob && \
    echo "bob ALL=(ALL) NOPASSWD:ALL" >> /etc/sudoers && \
    echo "bob:youruncle" | chpasswd

EXPOSE 22

USER bob
RUN git config --global user.name "bob" && \
    git config --global user.email "[email protected]"

USER root
CMD /usr/sbin/sshd -D

I have no idea how clean/proper/conformant to prevailing practice that solution is, but it does satisfy the need of the original post.

Sources

This article follows the attribution requirements of Stack Overflow and is licensed under CC BY-SA 3.0.

Source: Stack Overflow

Solution Source
Solution 1 torek
Solution 2 StoneThrow

Related Questions

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

Given long git commit how to safely get short commit

How can I 'git clone' from another machine?

VS Code / Bitbucket / SSH - Permission denied (publickey)

Differences between git pull origin master & git pull origin/master

git config: remote.<name>.fetch - is it possible to set up exceptions?

Git push hangs when pushing to Github?

How to clone git repository with specific revision/changeset?

Remove a file from the list that will be committed

Unable to create '/git/index.lock': File exists - but it doesn't

VSTS: How to get all linked work items since last successful release to production?

Versioning of debian packaging Information

How to generate ssh keys (for github)

How do I commit case-sensitive only filename changes in Git?