search

arpanghosh8453 / public-fitbit-projects

A script to fetch data from Fitbit servers using their API and store the data in a local influxdb database.
BSD 4-Clause "Original" or "Old" License
323 stars 29 forks source link

Option to change USER ID and GROUP ID ? #17

Closed nodecentral closed 2 months ago

nodecentral commented 2 months ago

Hi

In the docker compose instructions, the user and group IDs often causes me issues when it comes to using mapped folders on the host. For a while now, I always create them using user UID 1005 and GID 1000. Is it possible for a change of UID/GID to be supported ?

      - ./logs:/app/logs # logs folder should exist and owned by user id 1000
      - ./tokens:/app/tokens # tokens folder should exist and owned by user id 1000
AskAlice commented 2 months ago

I concur, possibly user: "${UID}:${GID}" on every container, or alternately user: "${PUID}:${PGID}" with a supplemental .env file

arpanghosh8453 commented 2 months ago

I am aware that linuxserver provides the settings as part of compose file, but doing that is not very straightforward. The script (or the container) runs as a non-root user (appuser) if you are concerned about security implications 

RUN groupadd --gid 1000 appuser && useradd --uid 1000 --gid appuser --shell /bin/bash --create-home appuser && chown -R appuser:appuser /app
USER appuser

You can always use user: "${UID}:${GID}" in any compose file if you want to do what you want as mentioned by @AskAlice . So I am closing this issue in favor to that.

nodecentral commented 2 months ago

Thanks @arpanghosh8453 / @AskAlice

On a stackoverflow post someone had suggested..

The docker run command can be passed a user and group (or uid / gid).

docker run --user 2000:2000 acme

Or, via compose.yml, the user: attribute can be used.

services:
  acme:
    image: my-alpine:latest
    user: 2000:2000

In the case that ids are used, neither the user id or group id needs to exist in the container.

A response was made to that post that suggested.

This is the important bit: "Assuming the group and user exist before the container is created". If that is the case, this is the perfect answer.

So, is that a valid route too - i simple add that parameter, so the compose yml is.

version: '3.4'
services:
  fitbit-fetch-data:
    restart: unless-stopped
    image: thisisarpanghosh/fitbit-fetch-data:latest
    container_name: fitbit-fetch-data
    user: 1005:1000
    volumes:
      - ./logs:/app/logs # the logs folder should exist and owned by user id 1005
      - ./tokens:/app/tokens # tokens folder should exist and owned by user id 1005
      - /etc/timezone:/etc/timezone:ro