From d475f8743367cf7d1c94529619e8591ec0776261 Mon Sep 17 00:00:00 2001
From: Chris Brown <chribrow@redhat.com>
Date: Mon, 27 Apr 2026 09:16:33 +0100
Subject: [PATCH] Add vespa user to root group for OpenShift arbitrary UID
 support

OpenShift's restricted-v2 SCC assigns arbitrary UIDs with GID 0 (root
group). Adding the vespa user to the root group ensures compatibility
if these dev images are used as bases for OpenShift deployments.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
---
 dev/almalinux-8/Dockerfile | 2 +-
 dev/almalinux-9/Dockerfile | 2 +-
 2 files changed, 2 insertions(+), 2 deletions(-)

diff --git a/dev/almalinux-8/Dockerfile b/dev/almalinux-8/Dockerfile
index 11756b1..cfcdf96 100644
--- a/dev/almalinux-8/Dockerfile
+++ b/dev/almalinux-8/Dockerfile
@@ -28,7 +28,7 @@ RUN dnf -y install \
     npm install -g @openai/codex && \
     dnf clean all --enablerepo=\*
 
-RUN useradd -M -d /opt/vespa -s /usr/sbin/nologin vespa
+RUN useradd -M -d /opt/vespa -s /usr/sbin/nologin -G root vespa
 
 STOPSIGNAL SIGRTMIN+3
 
diff --git a/dev/almalinux-9/Dockerfile b/dev/almalinux-9/Dockerfile
index 5070ce3..3099d8a 100644
--- a/dev/almalinux-9/Dockerfile
+++ b/dev/almalinux-9/Dockerfile
@@ -5,7 +5,7 @@ FROM docker.io/vespaengine/vespa-build-almalinux-9:latest
 RUN --mount=type=bind,target=/include/,source=include/,rw /bin/sh /include/setup.sh
 
 # Add default user
-RUN useradd -M -d /opt/vespa -s /usr/sbin/nologin vespa
+RUN useradd -M -d /opt/vespa -s /usr/sbin/nologin -G root vespa
 
 STOPSIGNAL SIGRTMIN+3