UID/GID sync scripts #25
Description
Using bind mounts on Linux (inclusive of WSL) can be confusing since the actual file descriptors from the host are used - inclusive of all permissions. The problem is that the user in the container - whether root or otherwise, can have different UID/GIDs than the host user - which means that files in the source folder can be unreadable or unwritable on either the host or the container depending on the situation. While you can use a volume to house source code instead of bind mounts, its useful to be able to use local source code mounts as well and can be manditory in CI/Automation scenarios as #9 is released.
The spec and reference CLI includes an updateRemoteUserUID property that defaults to true to deal with this problem which automatically updates a specified non-root user (in containerUser or rootUser).
However, while this does automatically update permissions in that user's $HOME directory in the container, it does not update other locations. This is problematic in a number of cases, but particularly when packages or other content the user needs to work with is not located there.
Generally, the needed update is a chown -R on a directory, but this is not always the case - and more subtle updates can often be better (e.g. using find /location -uid 1000 -execdir chown username-here {} \+). To provide a nuanced way to handle this, I'd propose a model similar to #19 where either Dockerfiles or dev container features can add a script to a known location. When a processor like the dev container CLI then executes a UID/GID update, these bash scripts are fired to make the needed updates. These would run as root and should be owned by root as a part of final image prep much like the usermod/groupmod commands when this step is needed.