search

joseluisq / alpine-php-fpm

Lightweight & optimized Multi-Arch Docker Images (x86_64/arm/arm64) for PHP-FPM (PHP 8.1, 8.2, 8.3) with essential extensions on top of latest Alpine Linux. :elephant:
Apache License 2.0
185 stars 46 forks source link

Change www-data user/group id's? #21

Closed duzenko closed 1 year ago

duzenko commented 1 year ago

Hi, how do I change www-data id's to match my host user?

This needs to happen automatically when I create container from image based on environment variable. I know I can docker exec sh manually and change id's from there. But my problem is that I need to support automatic deployments as well.

joseluisq commented 1 year ago

You have some ways to solve the permissions problem. For example, either at start-up time or built time.

Start-up time

If you are using Docker Compose then just add a command attribute to your docker-compose.yml for the joseluisq/php-fpm Docker service.

For example, imagine that you have a cache directory to which you want to assign the right permissions.

version: "3.3"

services:
  server:
    image: nginx:1.17-alpine
    ports:
      - 8088:80
    volumes:
      - ./nginx.conf:/etc/nginx/nginx.conf
      - ./conf.d/:/etc/nginx/conf.d/
      - ../public:/usr/share/nginx/html/
    depends_on:
      - php-fpm
    links:
      - php-fpm

  php-fpm:
    image: joseluisq/php-fpm
    # NOTE: we assign www-data group/user to `cache` directory always when the container starts
    command: sh -c 'chown www-data:www-data -R /usr/share/nginx/html/cache && php-fpm'
    environment:
      - "ENV_SUBSTITUTION_ENABLE=true"
      - "PHP_MEMORY_LIMIT=512M"
      - "PHP_FPM_LISTEN=9090"
      - "PHP_SESSION_GC_MAXLIFETIME=7200"
    expose:
      - "9090"
    volumes:
      - ../public:/usr/share/nginx/html/

Another way is extending joseluisq/alpine-php-fpm but providing at the end of your Dockerfile an entry point script using ENTRYPOINT ["/entrypoint.sh"]. The entrypoint.sh here is a script that you can use to do possibly the same thing as chown www-data:www-data -R /usr/share/nginx/html/cache && php-fpm above.

Build time

You could extend some joseluisq/alpine-php-fpm version using your own Dockerfile, then add your files and directories via COPY, change the permissions via RUN for those files/directories after, and finally ship all together as Docker image.

joseluisq commented 1 year ago

Hi, how do I change www-data id's to match my host user?

Oh, I missed the host user thing. You can also do it by passing your host GID and UID from your host to the container and if you want it to happen automatically I think you can do it by extending joseluisq/alpine-php-fpm via your own Dockerfile and using an entry point combining what I posted above.

To get the host ids use something like id -u (user) and id -g (group) respectively.

Check out this blog post about the topic https://jtreminio.com/blog/running-docker-containers-as-current-host-user/

duzenko commented 1 year ago

@joseluisq No, I'm not using Docker Composer. If you have used Plesk then you should know the process - I only have my Dockerfile that I build and upload to dockerhub, but I don't have access to server terminal. Forget about chown or any other attempt at manipulating host file permissions - it will break other services working with those directories. Can you elaborate on entrypoint - how do I call the 'default' script from the base image after my custom script updates the id's?