Add non-root 'code' user to both C++ and Rust devcontainers

Co-authored-by: rjaegers <[email protected]>

Author: Copilot

.devcontainer/cpp/Dockerfile

@@ -116,10 +116,32 @@ RUN --mount=type=cache,target=/var/log,sharing=locked \
  && update-alternatives --install /usr/bin/python python /usr/bin/python3 10 \
  && cp /etc/skel/.bashrc /root/.bashrc
 
+# Create the 'code' user
+RUN groupadd --gid 1000 code \
+ && useradd --uid 1000 --gid code --shell /bin/bash --create-home code \
+ && cp /etc/skel/.bashrc /home/code/.bashrc \
+ && chown -R code:code /home/code
+
 # Set up package managers CPM and Conan
 # - Install CPM.cmake to the CMake module path
 # - Configure a default profile for Conan and set the CMake generator to Ninja
 RUN --mount=type=cache,target=/cache,sharing=locked \
  wget --no-hsts -qP /usr/local/lib/python*/dist-packages/cmake/data/share/cmake-*/Modules/ https://github.com/cpm-cmake/CPM.cmake/releases/download/v${CPM_VERSION}/CPM.cmake \
  && conan profile detect \
  && echo -e "\n[conf]\ntools.cmake.cmaketoolchain:generator=Ninja" >> "$(conan profile path default)"
+
+# Create cache directories with appropriate permissions for the code user
+RUN mkdir -p /cache/.ccache /cache/.cpm /cache/.python \
+ && chown -R code:code /cache \
+ && chmod -R 755 /cache
+
+# Set up conan for the code user
+USER code
+RUN conan profile detect \
+ && echo -e "\n[conf]\ntools.cmake.cmaketoolchain:generator=Ninja" >> "$(conan profile path default)"
+
+# Switch back to root temporarily for any remaining setup
+USER root
+
+# Set the default user
+USER code

.devcontainer/cpp/devcontainer.json

@@ -3,6 +3,7 @@
     "dockerfile": "Dockerfile",
     "context": "../.."
   },
+  "remoteUser": "code",
   "forwardPorts": [
     6080
   ],

.devcontainer/rust/Dockerfile

@@ -67,3 +67,15 @@ RUN --mount=type=cache,target=/var/log,sharing=locked \
 # Install additional rust tools
 RUN wget -qO - "https://github.com/cargo-bins/cargo-binstall/releases/download/v${CARGO_BINSTALL_VERSION}/cargo-binstall-$(uname -m)-unknown-linux-gnu.tgz" | tar xz -C "/usr/bin" \
  && cargo-binstall -y --locked [email protected] [email protected] [email protected] [email protected]
+
+# Create the 'code' user
+RUN groupadd --gid 1000 code \
+ && useradd --uid 1000 --gid code --shell /bin/bash --create-home code \
+ && cp /etc/skel/.bashrc /home/code/.bashrc \
+ && chown -R code:code /home/code
+
+# Ensure the code user has access to cargo and rustup
+RUN chmod -R a+rX /usr/local/cargo /usr/local/rustup
+
+# Set the default user
+USER code

.devcontainer/rust/devcontainer.json

@@ -3,6 +3,7 @@
     "dockerfile": "Dockerfile",
     "context": "../.."
   },
+  "remoteUser": "code",
   "privileged": true,
   "remoteEnv": {
     "CONTAINER_FLAVOR": "rust"