Should not change ownership of files mounted from host
What happened?
With the docker provider on linux, using podman (DOCKER_PATH=podman) given a workspace mounted from a local folder with a devcontainer.json that contains:
{
"updateRemoteUserUID": false,
}
then devpod up will change the file ownership of the local files to the uid of the remote user in the container. This makes the files inaccessible on the host.
What did you expect to happen instead?
Workspace file ownership is not modified if they are mounted from the host. If they are mounted as a docker volume or cloned within the image, modifying them would be fine.
How can we reproduce the bug? (as minimally and precisely as possible)
devpod up <path-to-local-workspace>
On the host
> ls -la <path-to-local-workspace>
ls: cannot open directory '<path-to-local-workspace>': Permission denied
> ls -la $(realpath <path-to-local-workspace>/..)
...
drwxr-x--- 5 101000 101000 4096 Jun 12 17:37 <workspace-folder>
My devcontainer.json:
{
"image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04",
"updateRemoteUserUID": true,
"containerUser": "vscode"
}
Local Environment:
- DevPod Version: v0.6.15
- Operating System: linux
- ARCH of the OS: AMD64
DevPod Provider:
- Local/remote provider: docker
Anything else we need to know?
The permissions once modified by devpod then can only be fixed with podman unshare chown -R 0:0 <path-to-local-workspace> or by the root user. Discovering the podman unshare option is not easy; the user could easily believe their files are unrecoverable if they lack sudo access on the host.
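An added example, not part of the original report and not DevPod or Podman code: a host-side check that lists workspace entries no longer owned by the invoking user and translates each owner through a user-namespace ID map, which shows why chown to 0:0 inside podman unshare hands the files back (namespace UID 0 is the invoking host user). The map below is a constructed sample assuming host UID 1000 and an /etc/subuid range of 100000:65536; under that assumption the 101000 in the listing above is UID 1001 inside the namespace. With --userns=keep-id the map is different, so read the real one first.

```python
import os
import sys

# Constructed sample (assumption): the uid_map of a rootless Podman user
# namespace for host UID 1000 with /etc/subuid entry "user:100000:65536".
# Columns: first ID inside the namespace, first ID on the host, range length.
# The real map can be read with: podman unshare cat /proc/self/uid_map
SAMPLE_UID_MAP = """\
         0       1000          1
         1     100000      65536
"""

def parse_id_map(text):
    """Parse uid_map/gid_map text into (inside, outside, length) tuples."""
    return [tuple(int(f) for f in line.split())
            for line in text.splitlines() if line.strip()]

def host_to_namespace(host_id, id_map):
    """Translate a host UID/GID to its ID inside the namespace (None if unmapped)."""
    for inside, outside, length in id_map:
        if outside <= host_id < outside + length:
            return inside + (host_id - outside)
    return None

def foreign_owned(root, my_uid, id_map):
    """Return (path, host_uid, namespace_uid) for entries not owned by my_uid."""
    findings = []

    def check(path):
        try:
            uid = os.lstat(path).st_uid
        except OSError:
            return  # not stat-able from the host (no search permission on the parent)
        if uid != my_uid:
            findings.append((path, uid, host_to_namespace(uid, id_map)))

    check(root)
    # os.walk silently skips directories it cannot list, which is what a
    # workspace chowned to a subordinate UID looks like from the host.
    for dirpath, dirnames, filenames in os.walk(root):
        for name in dirnames + filenames:
            check(os.path.join(dirpath, name))
    return findings

if __name__ == "__main__":
    id_map = parse_id_map(SAMPLE_UID_MAP)
    for path, uid, ns_uid in foreign_owned(sys.argv[1], os.getuid(), id_map):
        print(f"{path}: host uid {uid} -> namespace uid {ns_uid}")
```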
I have a similar problem but with remote host. From time to time somebody (not sure if it's a devcontainer problem) changes my files group and owner to jb.
myuser@remote_host:~/.devpod/agent/contexts/default/workspaces/sample_project/content$ ls -al
total 140
drwxrwxr-x 12 jb jb 4096 jun 23 16:59 .
drwxr-xr-x 5 myuser myuser 4096 jun 23 17:04 ..
-rwxrwxr-x 1 jb jb 387 jun 18 16:17 clean_pycache.sh
drwxrwxr-x 5 jb jb 4096 jun 23 16:58 .devcontainer
drwxrwxr-x 9 jb jb 4096 jun 24 11:09 .git
-rw-rw-r-- 1 jb jb 148 jun 18 16:17 .gitattributes
-rw-rw-r-- 1 jb jb 3170 jun 20 02:42 .gitignore
-rw-rw-r-- 1 jb jb 402 jun 18 16:17 .gitmodules
drwxr-xr-x 3 jb jb 4096 jun 24 11:09 .idea
-rw-rw-r-- 1 jb jb 12464 jun 18 16:17 Jenkinsfile
-rw-rw-r-- 1 jb jb 5647 jun 20 19:17 app.py
-rw-rw-r-- 1 jb jb 33893 jun 18 16:17 LICENSE
-rw-rw-r-- 1 jb jb 325 jun 18 16:17 mkdocs.yml
-rw-r--r-- 1 jb jb 245 jun 18 16:24 poetry.lock
-rw-r--r-- 1 jb jb 299 jun 23 18:02 pyproject.toml
-rw-rw-r-- 1 jb jb 7834 jun 18 16:17 README.md
I suspect jb stands for "JetBrains" since I use PyCharm as my IDE. This causes a problem, especially when trying to rebuild/reset the container, since the tool can't erase the directory, so I have to manually SSH and do it myself.
This usually happens after shutting down the container and launching another instance in a different host machine but in the same remote machine (using the same ssh user).
I am also having an issue with DevPod changing ownership of files/directories. I am also using the docker provider, and I am using rootless podman instead of Docker. I launch my dev container using devpod-cli.
I do not have a non-root user in my dev container image. When I run a container directly with rootless Podman, it already handles mapping the container's user ID to my host ID, so file ownership is not changed.
DevPod should not be changing permissions if the provider is Podman. I've tried to specify the containerUser and remoteUser in my devcontainer.json file, but file ownership is still changed. Are there any other options to prevent DevPod from changing file ownership?
Add these and try again (change vscode to a user that is actually present in the image, as only mcr base images have vscode by default afaik):
"runArgs": ["--userns=keep-id"],
"containerUser": "vscode",
"remoteUser": "vscode"
So, I set containerUser and remoteUser both to root since I do not have a non-root user in my image. The same issue occurs; the file ownership is mangled on the host, changing to 100000.
I still think devpod and podman are clashing over how a user is assigned.
The repository I have is private, but I can definitely share some files.
I've attached my Dockerfile that will build an image to support development using the Zephyr framework https://docs.zephyrproject.org/latest/index.html. I have also attached a file that is needed to patch a linting tool.
- My host OS is also Arch Linux (same as the Docker image).
- Podman version is 5.6.1, installed using my package manager from the Arch repositories.
- Devpod CLI version is v0.6.15% (Not sure why there is a percent sign being printed), installed using my package manager from the Arch repositories.
- The command I use when not using Devpod is: podman run -it -v "./:/app" zephyr:1.1.0 /bin/bash
- I use this image for CI, so it is at version 1.1.0 in my repository
- If I run a listing in the /app directory, I will see that files are owned by root. If I create a new file, it's owned by root in the container, but it will have my UID and GID on my host.
- The command I use for DevPod is: devpod-cli up --ide=none --configure-ssh=false ./
- I have an alias for Docker to invoke Podman, so there is no special configuration of the Docker provider for DevPod.
- I have my environment set for the Docker host: DOCKER_HOST=unix:///run//user/1000/podman/podman.sock
- My devcontainer.json file is very simple. See attached.
- The UID and GID of the files in my project are immediately changed after the container is started.
This is everything that I do. Please let me know if you have any more questions. I really appreciate your support on this issue!
-- Steve Felsher, Jr.
On Sat, Sep 13, 2025 at 12:37 AM CreativeIce @.***> wrote:
CreativeIce left a comment (loft-sh/devpod#1879) https://github.com/loft-sh/devpod/issues/1879#issuecomment-3287545335
@smfelsher https://github.com/smfelsher can you give me an image link or dockerfile/containerfile example? I wanna try myself. And what OS are you using?
I have this issue with using the default docker config
devpod provider options
NAME | REQUIRED | DESCRIPTION | DEFAULT | VALUE
---------------------+----------+--------------------------------+---------+---------
DOCKER_BUILDER | false | The docker builder to use. | |
DOCKER_HOST | false | The docker host to use. | |
DOCKER_PATH | false | The path where to find the | docker | docker
| | docker binary. | |
INACTIVITY_TIMEOUT | false | If defined, will automatically | |
| | stop the container after the | |
| | inactivity period. Examples: | |
| | 10m, 1h | |
I'm using this hack for now https://github.com/icholy/devpod/commit/b154fa0ed72105f0759ab42abb640e5fd589c9a2