Docker compose throws - adduser: group 'www-data' in use

Question

I have a docker-composer.yml file which used to work just fine a couple of months ago, but now when I run it throws an error.

First, this is my file structure.

.data/db
logs
mariadb
nginx
php7-fpm
src/public
.env
.gitignore
README
docker-compose.yml

The only mention of the error i.e www-data is in two of the files. php7-fpm/Dockerfile and nginx/Dockerfile

Here is the content of these files:

php-fpm/Dockerfile

....
RUN apt-get update && apt-get install -y procps

RUN usermod -u 1000 www-data

USER www-data

WORKDIR /var/www


nginx/Dockerfile

FROM nginx:alpine

COPY ./config/nginx.conf /etc/nginx/
COPY ./sites /etc/nginx/sites-available
RUN apk update \
    && apk upgrade \
    && apk add --no-cache bash \
    && adduser -D -H -u 1000 -s /bin/bash www-data

ARG PHP_UPSTREAM_CONTAINER=php-fpm
ARG PHP_UPSTREAM_PORT=9000

# Set upstream conf and remove the default conf
RUN echo "upstream php-upstream { server     ${PHP_UPSTREAM_CONTAINER}:${PHP_UPSTREAM_PORT}; }" > /etc/nginx/conf.d/upstream.conf \
&& rm /etc/nginx/conf.d/default.conf

CMD ["nginx"]

The docker-compose.yml file is a generic one, there is no tampering with user groups, but here is a pastebin for anyone who wants to take a look.

https://pastebin.com/ivRfPvZz

This is the partial output from the docker-compose up -d command.

Image for service php-fpm was built because it did not already exist. To rebuild this image you must use `docker-compose build` or `docker-compose up --build`.
Building nginx
Step 1/8 : FROM nginx:alpine
alpine: Pulling from library/nginx
Digest: sha256:17bd1698318e9c0f9ba2c5ed49f53d690684dab7fe3e8019b855c352528d57be
Status: Downloaded newer image for nginx:alpine
 ---> ea1193fd3dde
Step 2/8 : COPY ./config/nginx.conf /etc/nginx/
 ---> 65c115482d37
Step 3/8 : COPY ./sites /etc/nginx/sites-available
 ---> 1fbe81620355
Step 4/8 : RUN apk update     && apk upgrade     && apk add --no-cache bash     && adduser -D -H -u 1000 -s /bin/bash www-data
 ---> Running in c631ccdf63f2
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
v3.9.4-61-g22a1991b6a [http://dl-cdn.alpinelinux.org/alpine/v3.9/main]
v3.9.4-57-gb40ea6190b [http://dl-cdn.alpinelinux.org/alpine/v3.9/community]
OK: 9776 distinct packages available
(1/1) Upgrading libbz2 (1.0.6-r6 -> 1.0.6-r7)
OK: 27 MiB in 37 packages
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/main/x86_64/APKINDEX.tar.gz
fetch http://dl-cdn.alpinelinux.org/alpine/v3.9/community/x86_64/APKINDEX.tar.gz
(1/2) Installing readline (7.0.003-r1)
(2/2) Installing bash (4.4.19-r1)
Executing bash-4.4.19-r1.post-install
Executing busybox-1.29.3-r10.trigger
OK: 29 MiB in 39 packages
adduser: group 'www-data' in use
Service 'nginx' failed to build: The command '/bin/sh -c apk update     && apk upgrade     && apk add --no-cache bash     && adduser -D -H -u 1000 -s /bin/bash www-data' returned a non-zero code: 1

You can see the error is:

adduser: group 'www-data' in use
Service 'nginx' failed to build: The command '/bin/sh -c apk update     && apk upgrade     && apk add --no-cache bash     && adduser -D -H -u 1000 -s /bin/bash www-data' returned a non-zero code: 1

but I don't know how to fix this.

Answer 1

See this, when you use FROM nginx:alpine, in fact it sames with using nginx:1.17.1-alpine because they are just different tags for same image id.

But several month ago, when you use nginx:alpine, latest maybe others, E.g. nginx:1.14.2-alpine, so when rebuild using the same dockerfile, the base image indeed changed. I strongly suggest you use an explicit tag not latest as base image to assure definiteness.

Finally, what happened for several month ago?

1. Use nginx:1.14.2-alpine, maybe not this version, just an example：

   $ docker run --rm -it nginx:1.14.2-alpine cat /etc/group | grep www-data
   

   You can see there is no www-data group in the image, so you can use next to add a new user also a new group with the name www-data:

   adduser -D -H -u 1000 -s /bin/bash www-data
   

2. Use nginx:1.17.1-alpine, which currently same as nginx:alpine:

   $ docker run --rm -it nginx:1.17.1-alpine cat /etc/group | grep www-data
   www-data:x:82:
   

   You can see there is a default www-data group in this image, don't know how it generates, in a word, the image update bring something difference.

   So, as already a www-data group there, what you have to do is change your command to next to join a existed group:

   adduser -D -H -u 1000 -s /bin/bash www-data -G www-data
   

Answer 2

You can find the DockerFile inside laradock/nginx folder. Just change the line

&& adduser -D -H -u 1000 -s /bin/bash www-data

to

&& adduser -D -H -u 1000 -s /bin/bash www-data -G www-data

This specifies the group that the user is a member of. Once done, build and bring your containers up with

docker-compose build --no-cache nginx
docker-compose up -d

Answer 3

I'm having this issue with Alpine 3.14, where the www-data group already exists in the image.

Adding (delgroup www-data || true) before the line with adduser in it will fix the problem.

&& apk upgrade \
&& apk add --no-cache bash \
&& (delgroup www-data || true) \
&& adduser -D -H -u 1000 -s /bin/bash www-data

The parentheses with the || true will ensure that the command won't fail if the group does not exist, so it is backward compatible.