First login: create docker group and add normal user to it #8920

igorpecovnik · 2025-11-12T16:36:55Z

Description

This way we ensure, user is added to the Docker group even Docker is installed later.

The Docker package’s post-install script runs:

if ! getent group docker >/dev/null; then
    addgroup --system docker
fi

So since the group already exists → it does nothing.

Checklist:

My code follows the style guidelines of this project
My changes generate no new warnings

Summary by CodeRabbit

New Features
- New users now automatically receive Docker group membership during account creation.
- If the Docker group is missing, the system attempts to create it and will emit a warning if creation fails, ensuring users get immediate membership when possible.

coderabbitai · 2025-11-12T16:37:20Z

Walkthrough

The add_user function in armbian-firstlogin now checks for the docker group (using getent), attempts to create it as a system group if missing (emitting a warning on failure), and includes docker in the supplementary-groups loop so the new user is added to it immediately after creation.

Changes

Cohort / File(s)	Summary
User group management `packages/bsp/common/usr/lib/armbian/armbian-firstlogin`	In `add_user`: added a pre-step that checks for the `docker` group via `getent`, creates `docker` as a system group if not present (with a warning on failure), and added `docker` to the list of supplementary groups appended to the new user.

Sequence Diagram(s)

sequenceDiagram
    participant Script as armbian-firstlogin
    participant Sys as System (groups, useradd)

    Script->>Sys: getent group docker?
    alt docker exists
        Sys-->>Script: group found
    else docker missing
        Script->>Sys: groupadd --system docker
        alt success
            Sys-->>Script: group created
        else failure
            Sys-->>Script: warning emitted
        end
    end
    Script->>Sys: useradd ... (create user)
    Script->>Sys: usermod -a -G docker,other_groups newuser
    Sys-->>Script: user updated (docker membership set)

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~8 minutes

Single-file change with focused logic.
Pay attention to: group creation command (flags), error/warning handling, and the supplementary-groups loop to ensure correct comma-separated formatting and ordering.

Poem

🐰 I dug a little group in the ground, neat and round,
A docker den where new users are found,
One check, one add, then a gentle nudge,
Every new account gets the docker hug! 🐳

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title clearly and concisely describes the main change: creating a docker group and adding the normal user to it during first login, which directly matches the code modifications.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch adddocker

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between 5344eac and 8bc971f.

📒 Files selected for processing (1)

packages/bsp/common/usr/lib/armbian/armbian-firstlogin (1 hunks)

🚧 Files skipped from review as they are similar to previous changes (1)

packages/bsp/common/usr/lib/armbian/armbian-firstlogin

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai · 2025-11-12T16:37:27Z

Walkthrough

The armbian-firstlogin script is modified to automatically create a Docker system group if it doesn't exist and add the Docker group to the supplementary groups assigned to newly created user accounts.

Changes

Cohort / File(s)	Summary
User Docker Group Provisioning `packages/bsp/common/usr/lib/armbian/armbian-firstlogin`	Added logic to create a Docker system group if absent, and extended the supplementary groups list for new users to include the docker group alongside existing groups (sudo, netdev, audio, video, disk, tty, users, games, dialout, plugdev, input, bluetooth, systemd-journal, ssh, render).

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~10 minutes

Single file modification with straightforward additions
Docker group creation is a simple conditional check
Supplementary groups list extension is a straightforward append operation
No complex logic or control flow changes introduced

Poem

🐰 A docker in the group, how splendid and fine!
The rabbits rejoice when first-login makes time,
To welcome new users with containers so bright,
With permissions all set and their systems just right! 🐳✨

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately and concisely summarizes the main change: creating a docker group and adding the normal user to it during first login setup.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

✨ Finishing touches

🧪 Generate unit tests (beta)

Create PR with unit tests
Post copyable unit tests in a comment
Commit unit tests in branch adddocker

📜 Recent review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d7061f5 and 5344eac.

📒 Files selected for processing (1)

packages/bsp/common/usr/lib/armbian/armbian-firstlogin (1 hunks)

🧰 Additional context used

🧠 Learnings (3)

📓 Common learnings

Learnt from: amazingfate
Repo: armbian/build PR: 8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Learnt from: tmshlvck
Repo: armbian/build PR: 8660
File: lib/functions/host/docker.sh:519-529
Timestamp: 2025-09-22T06:01:50.284Z
Learning: In the Armbian build framework's docker.sh, DOCKER_MOUNT_OPTS is conditionally set: empty for Docker, and ",suid,dev" for Podman to handle mount permission requirements.

Learnt from: tmshlvck
Repo: armbian/build PR: 8660
File: lib/functions/host/docker.sh:519-529
Timestamp: 2025-09-22T06:01:50.284Z
Learning: In the Armbian build framework's docker.sh, DOCKER_MOUNT_OPTS is conditionally set: empty for Docker, and ",suid,dev" for Podman to handle mount permission requirements.

📚 Learning: 2025-09-24T09:54:07.968Z

Learnt from: amazingfate
Repo: armbian/build PR: 8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Applied to files:

packages/bsp/common/usr/lib/armbian/armbian-firstlogin

📚 Learning: 2025-09-22T06:01:50.284Z

Learnt from: tmshlvck
Repo: armbian/build PR: 8660
File: lib/functions/host/docker.sh:519-529
Timestamp: 2025-09-22T06:01:50.284Z
Learning: In the Armbian build framework's docker.sh, DOCKER_MOUNT_OPTS is conditionally set: empty for Docker, and ",suid,dev" for Podman to handle mount permission requirements.

Applied to files:

packages/bsp/common/usr/lib/armbian/armbian-firstlogin

🔇 Additional comments (2)

packages/bsp/common/usr/lib/armbian/armbian-firstlogin (2)

608-610: LGTM! Docker group added to user supplementary groups.

The addition of docker to the supplementary groups list is correct and aligns with the PR objective. The user will be a member of the docker group even if Docker is installed later, avoiding the need for manual group assignment or re-login.

Note: The usermod command on line 609 silently ignores errors (2>/dev/null), so if the docker group creation failed on line 606, the user won't be added to the docker group without any visible error. This is consistent with how other groups are handled in this loop (since some groups may not exist on all system configurations), but worth being aware of.

604-607: The addgroup --system command is standard across Debian-based systems and the code pattern matches the script's established conventions.

The --system flag for addgroup is well-established and supported across all Debian/Ubuntu systems that Armbian targets. The review comment's reference to "unsupported flag" is incorrect.

Regarding error handling: the script intentionally suppresses errors throughout this function—all commands in the usermod loop use 2>/dev/null, and there are no error checks for other group additions (sudo, netdev, audio, etc.). The docker group creation follows the same pattern as the rest of the code. The getent check already provides idempotent protection against duplicate creation attempts.

The suggested error-logging diff introduces special-case handling for just one command, which is inconsistent with the function's established approach and would complicate the script unnecessarily.

Likely an incorrect or invalid review comment.

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

coderabbitai

Actionable comments posted: 1

📜 Review details

Configuration used: Path: .coderabbit.yaml

Review profile: CHILL

Plan: Pro

Disabled knowledge base sources:

Jira integration is disabled by default for public repositories

You can enable these sources in your CodeRabbit configuration.

📥 Commits

Reviewing files that changed from the base of the PR and between d7061f5 and 5344eac.

📒 Files selected for processing (1)

packages/bsp/common/usr/lib/armbian/armbian-firstlogin (1 hunks)

🧰 Additional context used

🧠 Learnings (2)

📓 Common learnings

Learnt from: amazingfate
Repo: armbian/build PR: 8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Learnt from: tmshlvck
Repo: armbian/build PR: 8660
File: lib/functions/host/docker.sh:519-529
Timestamp: 2025-09-22T06:01:50.284Z
Learning: In the Armbian build framework's docker.sh, DOCKER_MOUNT_OPTS is conditionally set: empty for Docker, and ",suid,dev" for Podman to handle mount permission requirements.

Learnt from: tmshlvck
Repo: armbian/build PR: 8660
File: lib/functions/host/docker.sh:519-529
Timestamp: 2025-09-22T06:01:50.284Z
Learning: In the Armbian build framework's docker.sh, DOCKER_MOUNT_OPTS is conditionally set: empty for Docker, and ",suid,dev" for Podman to handle mount permission requirements.

📚 Learning: 2025-09-24T09:54:07.968Z

Learnt from: amazingfate
Repo: armbian/build PR: 8668
File: extensions/ufs.sh:2-2
Timestamp: 2025-09-24T09:54:07.968Z
Learning: In Armbian's build system, DOCKER_ARMBIAN_BASE_IMAGE must be set globally at file load time in extensions, not inside extension_prepare_config functions, because docker operations happen early in the build process and would default to ubuntu:noble if not set before docker_cli_prepare() runs.

Applied to files:

packages/bsp/common/usr/lib/armbian/armbian-firstlogin

🔇 Additional comments (1)

packages/bsp/common/usr/lib/armbian/armbian-firstlogin (1)

608-610: LGTM: Adding docker to default groups is consistent with existing pattern.

Adding docker to the supplementary groups list aligns with the existing approach of granting the user access to common system groups. Since the user is already added to the sudo group (line 608), they already have root-equivalent access, so docker group membership doesn't significantly change the security posture.

Note: The 2>/dev/null suppression on line 609 means that if the docker group creation fails above, the usermod command will silently skip adding the user to the docker group without alerting the user.

packages/bsp/common/usr/lib/armbian/armbian-firstlogin

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

* live_main_upstream/main: (227 commits) rockchip64: rewrite patches rockchip64: remove upstreamed fixes Change mainline to rc7, manually fix meson64 patch `Automatic` board configs status synchronise KERNEL_TEST_TARGET is just override. We won't both targets, so we have both. rk3576: nanopi-r76s: add mainline u-boot and fix USB3.0 host (armbian#8997) Rock-5B-Plus: Use upstream device-tree name Radxa E54c: change board support status `Automatic` board configs status synchronise `Automatic` board configs status synchronise build(deps): bump tj-actions/changed-files bananapi-r4 bpi-r4 board config - no video output build(deps): bump actions/checkout from 5 to 6 Radxa Rock 2A and F: promote boards to standard support config: drop questing and resolute symlinks for package definitions Drop Thunderbolt in desktop packages, but enable in minimal, arch amd64 only Update radxa-e52c.conf boards / Helios4: reorder some lines in the config file boards / Helios4: Fix: libfdt fdt_path_offset() returned FDT_ERR_NOTFOUND boards / Helios4: fix 0002 patch after bump U-Boot v2025.10 boards / Helios4: rebase previous u-boot patchset to v2025.10 boards / Helios4: reenable Armbian patchset boards / Helios4: drop obsolete patches and those not applicable to helios4 boards / Helios4: rename some patches in preparation for rebase boards / Helios4: enable SATA u-boot artifact boards / Helios4: switch U-Boot to mainline 2025.10 radxa-rock-4d: Move to standard support (armbian#8981) Sync support status to match with /download Rock5B+: Udev rule for Radxa Display 8HD sunxi64: Enable KVM virtualization support for current kernel Discord x86: add external sources `Automatic` board configs status synchronise rock-5b: u-boot: edge: bump to v2026.01-rc2; use mainline ATF; bootorder; fancy u-boot Desktop (mainly Gnome ) - add additional packages, small fixes and improvements lib / main-config.sh: enable APA extension for questing and resolute builds. Closes: armbian#8966 ti: configs: boards: Add BOOT_SOC variable ti: configs: boards: Add AM62L EVM (tmds62levm) board support Rock5B-Plus and Rock5T: Use upstream u-boot (armbian#8918) youyeetoo-r1: enable OUT1/OUT2 switches for es8323 headphone output on vendor kernel (armbian#8963) Fixing updating submodule Powere management - make it conditional, enable on UEFI targets, else disabled `Automatic` board configs status synchronise uefi: x86: current (6.12) and edge (6.18): add Apple T2 patches Add watchdog package into image, hardware watchdog works Allow Helios64 to do separate /boot partition only if root placed on fs than unbootable for device u-boot: prepare v2026.01 patch directory Move gxlimg to board level and some clean rockchip: cleanup and rewrite patches for `edge` rockchip: cleanup and rewrite patches for `current` nanopct6(-lts): u-boot: bump to v2026.01-rc2 odroidhc4: u-boot: bump to v2026.01-rc2 cm3588-nas: u-boot: bump to v2026.01-rc2, enable BTRFS support cm3588-nas: u-boot: fix `led-1` to `green` for preboot blinking khadas-vim3l: u-boot: bump to v2026.01-rc2, enable BTRFS and more nanopi-r6c: u-boot: bump to v2026.01-rc2; enable BTRFS support uefi-loong64-6.18: rewrite patches against v6.18-rc6, no changes mainline-kernel: bump 6.18 to v6.18-rc6 jsoninfo: introduce `inventory-artifacts` cli artifact-kernel: include LINUXCONFIG and ARMBIAN_KERNEL_DEB_NAME in artifact_input_variables config/templates: introduce targets-all-kernels.yaml for optimized kernel inventory-ing Upgrade Allwinner CURRENT kernels to latest Generic bootscript template Enable bootscript templating `Automatic` board configs status synchronise BeagleBoard and Description Updates ti: configs: family: k3: Update vendor-edge to pull latest TI PSDK tag ti: configs: family: k3: Update to bootable Processor SDK release tag ti: configs: family: k3: Add upstream edge branch ti: configs: family: k3: Change current/edge to vendor/vendor-edge sm8250 current: Add support to load QUP SE Firmware via Linux subsystem `Automatic` board configs status synchronise extensions: gxlimg: Update repo URL nanopi-m6: drop vendor uboot nanopi-r6s: remove old legacy uboot files && update mainline uboot sm8250 current: Select all USB CAN adapters under the CAN USB interfaces menu as M sm8250 current: Select all USB network adapters under the USB_NET_DRIVERS menu as M tools: Bump `BATCAT_VERSION` from 0.25.0 to 0.26.0 `Automatic` board configs status synchronise Add Ubuntu 25.10 / 26.04 questing and resolute as csc build target, demote Bookworm to csc Related to armbian/documentation#842, update extensions/gen-sample-extension-docs.sh to reference the opt-out docs for hooks rockchip: rk3576: Fix serial console to use UART0 (ttyS0) (armbian#8936) Drop patches that has been upstreamed - rockchip and sm8550 orangepi5: drop vendor uboot MOTD: deterministic spacing, tidy and compact output Bugfix: quotes were downloading to wrong location maint: cleanup board config files (armbian#8929) Use next patch version when using main action script Helios64: workaround fancontrol /dev restriction vs Helios64 udev /dev symlinks Add type of bootable fs for ODroid-N2 Preserve timestamps when copying log files Rockchip64: enable Qcom ath12 (wifi 7) support UFS: Fix CI behavior (armbian#8924) UFS: Fix ci config generation (armbian#8923) First login: create docker group and add normal user to it (armbian#8920) Framework: copy user provided first boot config at build time `Automatic` board configs status synchronise k3-beagle: Add config for BeagleBoard.org Linux and U-Boot k3: Factor out all K3 common configuration into k3_common.inc k3: Use CORESDK_TAG for setting ATFBRANCH beagley-ai: Switch current branch to 6.12 Beagle kernel ... Signed-off-by: Jonas Wood <[email protected]>

igorpecovnik requested a review from a team as a code owner November 12, 2025 16:36

github-actions bot added 11 Milestone: Fourth quarter release size/small PR with less then 50 lines Needs review Seeking for review BSP Board Support Packages labels Nov 12, 2025

coderabbitai bot reviewed Nov 12, 2025

View reviewed changes

packages/bsp/common/usr/lib/armbian/armbian-firstlogin Outdated Show resolved Hide resolved

igorpecovnik and others added 2 commits November 12, 2025 17:55

First login: create docker group and add normal user to it

935e10c

Update packages/bsp/common/usr/lib/armbian/armbian-firstlogin

8bc971f

Co-authored-by: coderabbitai[bot] <136622811+coderabbitai[bot]@users.noreply.github.com>

igorpecovnik force-pushed the adddocker branch from a90c067 to 8bc971f Compare November 12, 2025 16:55

igorpecovnik merged commit 347a93f into main Nov 12, 2025
1 check passed

igorpecovnik deleted the adddocker branch November 12, 2025 17:02

coderabbitai bot mentioned this pull request Nov 18, 2025

Improve Desktop AppGroups & Add Default User Icon #8964

Merged

5 tasks

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

Uh oh!

First login: create docker group and add normal user to it #8920

First login: create docker group and add normal user to it #8920

Uh oh!

igorpecovnik commented Nov 12, 2025 •

edited by coderabbitai bot

Loading

Uh oh!

coderabbitai bot commented Nov 12, 2025 •

edited

Loading

Uh oh!

coderabbitai bot commented Nov 12, 2025 •

edited

Loading

Uh oh!

coderabbitai bot left a comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

Uh oh!

First login: create docker group and add normal user to it #8920

First login: create docker group and add normal user to it #8920

Uh oh!

Conversation

igorpecovnik commented Nov 12, 2025 • edited by coderabbitai bot Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Description

Checklist:

Summary by CodeRabbit

Uh oh!

coderabbitai bot commented Nov 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Sequence Diagram(s)

Estimated code review effort

Poem

Pre-merge checks and finishing touches

Uh oh!

coderabbitai bot commented Nov 12, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Walkthrough

Changes

Estimated code review effort

Poem

Pre-merge checks and finishing touches

Uh oh!

coderabbitai bot left a comment

Choose a reason for hiding this comment

Uh oh!

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

2 participants

igorpecovnik commented Nov 12, 2025 •

edited by coderabbitai bot

Loading

coderabbitai bot commented Nov 12, 2025 •

edited

Loading

coderabbitai bot commented Nov 12, 2025 •

edited

Loading