Closed ShadwDrgn closed 1 year ago
This is already possible - see the Docker documentation which says
"If you installed Docker 20.10 or later with RPM/DEB packages, you should have dockerd-rootless-setuptool.sh in /usr/bin. Run dockerd-rootless-setuptool.sh install as a non-root user to set up the daemon."
I think there may be some confusion here. I definitely do not want to run Docker itself as a non-root user. I have containers that definitely require root access, and this is the universally standard Docker behaviour. I would like THIS build image to be able to be run as a non-root user. Having a container's entrypoint su-exec to another user is a fairly common practice, and it is what I'm hoping for.
The current situation is that this docker image can be run either by a root user (in the default docker setup) or by a non-root user using the rootless method mentioned above.
Adding a third 'hybrid' method as you request seems to be adding complexity which is not needed either by this project (whose primary goal is to enable building and publishing official los4mg builds) or by most other users who use it to make their own los4mg builds.
As the project has very limited resources, we are only going to spend them making changes which provide significant benefits to the project and to other users. I'm afraid this feature does not add enough benefit, so I'm going to close it - sorry!
It is relatively straightforward to build your own docker image, based on this image, with the changes you need. If you can make the changes work for you, then the project would be happy to consider a pull request to make them available in this image.
I think I know what the OP's issue is. I encounter the same in a Unix-like setup. It is not about which user the docker process runs as, but which user is executing inside the container. Files which are created by this process and are mounted on the host will have the uid/gid of the docker container's Linux user. At least on Unix-like systems. On Windows, docker maps volume ownership from the current user on the host to 0:0 in the container. I will create a pull request which addresses the problem. I already tested the solution.
I see that the init sh first copies some files having to do with /root which I assume are owned by 0:0, but it would be nice if this container could be run so that we can use docker's --user to run as a non-root user. This would make it so we don't have to become root to be able to work with the files in the various volumes, and we could also run subsequent OTA servers as non-root using higher ports, etc. It would certainly make me feel better about security in general. :)
As is, all files are created owned by 0:0, which means I can't move around or manipulate the files in the docker user's homedir either, so that's somewhat of an annoyance (though minor).
Alternatively, it could have some ENV vars USER and GROUP, or just USER that accepts either a uid or uid:gid, and have all possible operations that generate files in the mounted volumes run as that user AFTER root runs what it needs to. I think this is similar to how linuxserver builds their containers.
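The scheme sketched in the comment above (root does its setup, then everything that writes into the mounted volumes runs as the caller's uid:gid), together with the uid/gid ownership problem described earlier in the thread, as an added example entrypoint. This is illustrative code written for this page, not the project's own init script and not code any participant posted. The names it uses are assumptions: the environment variable is called RUN_AS rather than USER, because USER is already set by login shells and would silently leak the host login name into the container; VOLUME_DIR stands for the bind-mounted build directory; su-exec is the privilege-dropping helper (gosu would work the same way). It also handles the case where the container was started with docker run --user and is therefore not root to begin with.

```shell
#!/bin/sh
# Added example entrypoint, not the project's init script. It implements the
# "root does its setup, then the work runs as the caller's uid:gid" scheme.
# Assumed names (not from the thread): RUN_AS env var ("uid" or "uid:gid"),
# VOLUME_DIR for the bind-mounted build directory, su-exec as the helper that
# drops privileges (gosu would do the same job).
set -eu

VOLUME_DIR="${VOLUME_DIR:-/srv/build}"

# True only for a non-empty string of digits. Names are rejected on purpose:
# an arbitrary uid from the host has no /etc/passwd entry inside the image.
is_uint() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
}

# parse_run_as SPEC: prints "uid gid" on stdout, gid defaulting to uid.
# Fails (exit 1) on anything but "uid" or "uid:gid", so malformed input
# never reaches chown or su-exec.
parse_run_as() {
    spec="$1"
    case "$spec" in
        *:*) uid="${spec%%:*}"; gid="${spec#*:}" ;;
        *)   uid="$spec";       gid="$spec" ;;
    esac
    is_uint "$uid" && is_uint "$gid" || return 1
    printf '%s %s\n' "$uid" "$gid"
}

# fix_ownership DIR UID GID: chown only the entries that are not already
# owned by UID:GID, so a restart on a large build tree is cheap and a volume
# that was already handed over is not rewritten every time.
fix_ownership() {
    dir="$1"; uid="$2"; gid="$3"
    [ -d "$dir" ] || return 0
    find "$dir" \( ! -user "$uid" -o ! -group "$gid" \) \
        -exec chown -h "$uid:$gid" {} +
}

main() {
    ids="$(parse_run_as "$RUN_AS")" || {
        echo "RUN_AS must be uid or uid:gid, got '$RUN_AS'" >&2
        exit 64
    }
    uid="${ids%% *}"; gid="${ids##* }"

    # Started with docker run --user, or asked to stay root: nothing to drop.
    if [ "$(id -u)" -ne 0 ] || [ "$uid" -eq 0 ]; then
        exec "$@"
    fi

    # --- root-only setup belongs here (e.g. copying the files under /root) ---
    fix_ownership "$VOLUME_DIR" "$uid" "$gid"

    # No passwd entry exists for an arbitrary uid, so HOME would stay /root,
    # which the dropped user cannot read; point it somewhere writable.
    export HOME="$VOLUME_DIR"
    # su-exec replaces this process with the command as uid:gid; unlike
    # "su -c" it leaves no root shell behind as the parent.
    exec su-exec "$uid:$gid" "$@"
}

# Only act as an entrypoint when asked to drop privileges and given a command;
# sourcing the file just defines the functions above.
if [ -n "${RUN_AS:-}" ] && [ "$#" -gt 0 ]; then
    main "$@"
fi
```

Invoked as `docker run -e RUN_AS="$(id -u):$(id -g)" -v "$PWD/build:/srv/build" IMAGE build.sh` (paths assumed), the files the build writes into the volume come out owned by the host user, and nothing after the chown runs with uid 0. Passing `--user "$(id -u)"` instead skips straight to `exec "$@"`, which is the right outcome only if the image's root-only setup steps are not needed; that is exactly the trade-off the thread is about.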