Open mbentley opened 2 years ago
duckpuppy
commented
2 years ago I second this approach - I have a service user with group membership in the docker group to allow access to the docker socket, but that user is not the same UID as the one in the image.
mbentley
commented
2 years ago Just to add, I would be more than happy to either provide a PR to handle this. It's just that the scope of what all this would touch is quite large so I would prefer to get guidance from a repository maintainer before moving forward with creating a PR of how they might prefer that to be solved. Regardless, I would not change the default behavior of any of the images in terms of the UID/GIDs in use but would just add environment variables to handle it at runtime.
Code examples of where I have already done this for my Teamspeak image for both Alpine Linux and Debian: https://github.com/mbentley/docker-teamspeak/blob/master/entrypoint.sh#L10-L41
It would be ideal if users could update or specify the UID/GID for the user in the containers are runtime. While it is great that the images are not running as root, it would be ideal to be able to set the user at runtime. Other images handle the user creation at runtime through environment variables and some logic in the entrypoint script where it would manage ownership/permissions.
The use case is that
1000:1000is typically the first non-root user on a linux system so being able to set it to a unique user would be ideal as my user has more access than any other user would.