mbround18 / valheim-docker

Valheim Docker powered by Odin. The Valheim dedicated gameserver manager which is designed with resiliency in mind by providing automatic updates, world backup support, and a user friendly cli interface.
https://hub.docker.com/r/mbround18/valheim
BSD 3-Clause "New" or "Revised" License

ability to change steam userid #16

Closed Fabiryn closed 3 years ago

Fabiryn commented 3 years ago

Seems like the docker user and the environment puid pgid are ignored.

services:
  valheim:
    image: mbround18/valheim:latest
    restart: unless-stopped
    user: 1001:1001
    ports:
      - 2456:2456/udp
      - 2457:2457/udp
      - 2458:2458/udp
    environment:
      PUID: 1001
      PGID: 1001
      ....

Currently I can only manage to run the container if I grant 777 access to the mounted volume.

mbround18 commented 3 years ago

Where are puid and guid variables coming from?

MattPark commented 3 years ago

Same. So what happens is the container needs to know what uid/gid to make the steam:steam user run as... Should pull those from environment variables during setup.

So for me I can't get through install even though I have 777 on the directories on the host system.


If you look at https://hub.docker.com/u/linuxserver/ they have some good examples of how it should work. Clues here: https://www.reddit.com/r/docker/comments/9iwe3t/where_can_i_find_out_how_puid_and_pgid_are_used/

mbround18 commented 3 years ago

@MattPark and @Fabiryn I need some help,

After doing some digging, here are my findings, and please correct me if I am wrong before I implement a fix. The user field in the docker compose directs docker compose to run as a specific user inside the container. It should be unset or set to the application user, but in most cases it's set to root if the container itself handles switching to an application user. The usage of a PUID and GUID is to handle which id the application user is running as, and in turn directs what permissions the files are created as on the host<->container volume mounts.

This is a security feature of docker to limit what can and can't occur in terms of file reads + writes on the host. Does this sound about right?

vorpalhex commented 3 years ago

Your understanding is correct @mbround18 but to try and add more context:

Your base image has two users, root and steam. It's the steam user which owns the running steamcmd. The steam user normally gets the next incremental UID and a GID available from the perspective of the container's kernel. That UID and GID is preserved on volume mounts, and the "owner" of those files in the mount on the host will be whatever host user has that UID and GID (so it could be your personal account, or it could be a random service account).

Several container creators such as https://github.com/linuxserver/ respect a "PGID" and "PUID" environment variable which will set the UID and GID of that created user. It's still the same "user" within Docker, just mapped to a different PGID/PUID. See https://github.com/linuxserver/docker-baseimage-ubuntu/blob/b529d350b1438aa81e68a5d87eff39ade0f1c879/root/etc/cont-init.d/10-adduser#L6 for an example of how they do this.
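
Added example, not part of the thread and not the valheim-docker or linuxserver code: an entrypoint-style sketch of the PUID/PGID remap described above, which validates the ids, remaps the `steam` user, fixes mount ownership only when it differs, and drops root before starting the server. The default ids, the `DATA_DIR` path, the `RUN_AS_ENTRYPOINT` guard and the presence of `usermod`, `groupmod` and `setpriv` in the image are assumptions.

```shell
#!/bin/sh
# Added example, not the valheim-docker entrypoint.
# Assumed: user and group "steam", DATA_DIR default, RUN_AS_ENTRYPOINT guard,
# and an image that ships usermod, groupmod and setpriv (util-linux).

# Accept only plain decimal ids; reject 0 so the server never runs as root.
valid_id() {
  case "$1" in
    ''|*[!0-9]*|??????????*) return 1 ;;
  esac
  [ "$1" -gt 0 ]
}

# Numeric "uid:gid" that owns a path, as seen from inside the container.
owner_of() { ls -ldn "$1" | awk '{ print $3 ":" $4 }'; }

# True when the mount already belongs to the requested ids, the condition
# that makes chmod 777 on the host directory unnecessary.
mount_matches() { [ "$(owner_of "$1")" = "$2:$3" ]; }

remap_and_exec() {
  puid="${PUID:-1000}"; pgid="${PGID:-1000}"
  data="${DATA_DIR:-/home/steam/valheim}"
  if ! valid_id "$puid" || ! valid_id "$pgid"; then
    echo "PUID and PGID must be non-zero numeric ids" >&2; return 64
  fi
  if [ "$(id -u)" -ne 0 ]; then
    # With "user: 1001:1001" in compose the remap below cannot run.
    echo "start as root and let PUID/PGID select the runtime user" >&2; return 77
  fi
  groupmod -o -g "$pgid" steam      # -o permits an id that already exists
  usermod -o -u "$puid" steam
  # Ownership changes here are visible on the host side of the bind mount.
  mount_matches "$data" "$puid" "$pgid" || chown -R "$puid:$pgid" "$data"
  # Drop root for good before starting the server process.
  exec setpriv --reuid "$puid" --regid "$pgid" --init-groups "$@"
}

if [ "${RUN_AS_ENTRYPOINT:-0}" = 1 ]; then
  remap_and_exec "$@"
fi
```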

mbround18 commented 3 years ago

Thank you @vorpalhex and @MattPark, I was lost on this whole permissions thing. I think I have a fix for this but I am out of time to give it a whirl. I'll toss my branch up if one of y'all do not mind giving it a spin locally?

mbround18 commented 3 years ago

See PR #18 for the updates to acknowledge the PUID and PGID

mbround18 commented 3 years ago

This issue is fixed, could someone please verify on :latest version?

MattPark commented 3 years ago

Looking at PR #18, I think you nailed it. I will pull the latest from docker hub and try that to confirm. Nice job on this, especially for a first time.

Looks good on my end. Thanks Michael