serversideup / docker-php

🐳 Production-ready Docker images for PHP. Optimized for Laravel, WordPress, and more!
https://serversideup.net/open-source/docker-php/
GNU General Public License v3.0

Not a bug #330

Closed ijpatricio closed 6 months ago

ijpatricio commented 6 months ago

Affected Docker Images

Hey @jaydrogers !!

beta-8.3-nginx-fpm

Current Behavior

The container runs as www-data:www-data

Expected Behavior

I want to SSH into the VPS, as a non-root user, and be able to set up a directory for deploying a project, volume mounts, etc. Later down the line, I want to go into the VPS, and maybe I have to edit or delete files.

Currently I create a user, so it gets 1000:1000, and that's what I like to use, on GH Actions, and any automation that goes into the VPS. This will result in the container not being able to write to the logs folder, for example?

How are we supposed to set the thing up? Should each and every folder/file on the host system be www-data:www-data (33:33)? That's what I came up with back in the day... but currently I go 1000:1000 all-in :)

Wouldn't it be better? nginx and fpm would have to be set up as this user; it could live in the .env file, set and forget.

But, if we're going 33:33 all-in, that would also work for me. At this point, really tired of not having standards. I just want to agree on a "de facto way" of doing things, and stick to it


RadeJR commented 6 months ago

Hi! I'm not Jay but I'd like to help by sharing how we solved this problem. Since these images now use a non-root user by default, you can use 2 scripts to modify the UID and GID of the default www-data user.

Dockerfile example:

FROM serversideup/php:beta-8.2-fpm-nginx
USER root

# Save the build arguments as a variable, you can specify whatever uid/gid you would like to use, in your example you can use 1000:1000
ARG USER_ID=1000
ARG GROUP_ID=1000

# Use the build arguments to change the UID 
# and GID of www-data while also changing 
# the file permissions for NGINX
RUN docker-php-serversideup-set-id www-data $USER_ID:$GROUP_ID && \
  \
  # Update the file permissions for our NGINX service to match the new UID/GID
  docker-php-serversideup-set-file-permissions --owner $USER_ID:$GROUP_ID --service nginx

# Drop back to our unprivileged user
USER www-data

This will enable you to run containers as the user you created and allow them to read/write to mounted volumes. Let me know if you have more questions or if I didn't answer something!

ijpatricio commented 6 months ago

Hey @RadeJR

I definitely forgot there are more people that see this! I very much welcome feedback from everyone!!

This sure helps a lot!! I have to try it!

Something I'm missing is, when in local (dev), if the base image has everything I need, should I need to build as well with current uid and gid?

ijpatricio commented 6 months ago

and thank you so so much for feedback @RadeJR

RadeJR commented 6 months ago

I was sure that there were docs for this exact issue but I didn't manage to find them before posting my previous response. Here's the link: https://serversideup.net/open-source/docker-php/docs/guide/understanding-file-permissions

You have an example of a Dockerfile and docker-compose.yml that you can use in development.

I hope that these docs solve your problem, but if you need anything else, let me know.

jaydrogers commented 6 months ago

Thanks for chiming in @RadeJR! Yes, using the example above is the way.

Any other questions, @ijpatricio open a discussion and I'd be glad to help!

ijpatricio commented 6 months ago

@RadeJR I overlooked this functionality, thank you so much for all the care, explanations, and availability! I'm sitting back again for the afternoon and will dive in, for sure it will solve it, it has everything for it!

@jaydrogers Oh boy, sorry, totally forgot about Discussions! I need some vacations!! I'll make some YouTube content with this, it's so so good!!!

Thank you again, @RadeJR and @jaydrogers

sneycampos commented 6 months ago

> Something I'm missing is, when in local (dev), if the base image has everything I need, should I need to build as well with current uid and gid?

Probably yes, to solve the problem with syncing volumes. If you use a volume in your local environment, the files will be synced and belong to your host user (1000), but in the container this user doesn't exist.

A "dev" image was a nice catch to solve this problem when using in local environment or even in main image, using environment variables, for example:

environments:
    - UID: 1000
    - GID: 1000
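
As an added example that is not part of the thread or the project's own tooling: a pre-deploy check, run on the host, that every path under a bind-mounted directory is owned by the numeric UID:GID the image's www-data user was built with. The script name and the `./storage` path are assumptions.

```shell
#!/bin/sh
# Added example (not from the docker-php project): verify that a host
# directory meant for a bind mount is owned by the numeric UID:GID that the
# container's www-data user was built with (33:33 by default per the thread,
# or 1000:1000 after the Dockerfile above).

# Print every path under DIR whose owner or group differs from UID:GID.
# Numeric IDs are compared, because host and container user names differ.
mismatched_paths() {
    find "$1" \( ! -user "$2" -o ! -group "$3" \) -print
}

# Print how many paths under DIR are not owned by UID:GID.
count_mismatches() {
    mismatched_paths "$1" "$2" "$3" | wc -l | tr -d ' '
}

# Return 0 if all of DIR matches UID:GID, 1 on mismatch, 2 on bad arguments.
check_mount() {
    [ -d "$1" ] || { echo "not a directory: $1" >&2; return 2; }
    for id in "$2" "$3"; do
        case $id in
            ''|*[!0-9]*) echo "UID and GID must be numeric" >&2; return 2 ;;
        esac
    done
    n=$(count_mismatches "$1" "$2" "$3")
    if [ "$n" -eq 0 ]; then
        echo "OK: $1 is owned by $2:$3 throughout"
        return 0
    fi
    echo "MISMATCH: $n path(s) under $1 not owned by $2:$3, e.g.:" >&2
    mismatched_paths "$1" "$2" "$3" | head -n 5 >&2
    return 1
}

# Usage: sh check-mount.sh ./storage 1000 1000   (script name is hypothetical)
if [ "$#" -eq 3 ]; then
    check_mount "$@"
fi
```

A non-zero exit can gate a deploy step, so an ownership mismatch is caught before the container fails to write its logs.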