FreeTAKServer-User-Docs icon indicating copy to clipboard operation
FreeTAKServer-User-Docs copied to clipboard
verified publisher icon FreeTAKTeam

docs: Update docker user and group id

Open logikal opened this issue 1 year ago • 4 comments

The docs currently say that the freetak user inside the container is uid/gid 1000, which is incorrect.

I'm suggesting this change to the docs while I work on making it possible to dynamically change the uid:gid using docker/docker-compose --user/user: functionality.

image digest information:

docker images --digests| grep freetakserver
ghcr.io/freetakteam/freetakserver            latest                          sha256:8ad7e36eaa0d70cd6ebeb14ad39f15dc6e4b9baa9af37ac77a809b54e35d5521   e28de6e9ca76   7 weeks ago     1.24GB

checks from the container itself:

docker run -it ghcr.io/freetakteam/freetakserver:latest sh -c '/usr/bin/id -u; /usr/bin/id -g; grep freetak /etc/passwd; grep freetak /etc/group'
999
999
freetak:x:999:999::/home/freetak:/bin/sh
freetak:x:999:

logikal avatar Feb 24 '24 23:02 logikal

@RadioAndrea what do you think?

brothercorvo avatar Feb 25 '24 20:02 brothercorvo

It looks like changing the setup to allow docker's --user/--group settings might be a big lift, because of the file permissions that would need to change for things not in a host-mapped volume.

the linuxserver.io containers do some s6 magic to update uid/gid and permissions at container start time, but need to start as root to do it. I'm assuming ya'll don't want that.

So for now, I think these are good options:

  1. the docs should get updated to match the 999 the container has for freetak's uid/gid
  2. the user creation in the Dockerfile should specify a specific user and group (1000)?
  3. the user creation in the Dockerfile should use a default and let a user pass in env vars to set their own

This PR does 1., but 4. seems "best" for future-proofing. I can make that PR if ya'll would like.

logikal avatar Feb 25 '24 23:02 logikal

It looks like changing the setup to allow docker's --user/--group settings might be a big lift, because of the file permissions that would need to change for things not in a host-mapped volume.

the linuxserver.io containers do some s6 magic to update uid/gid and permissions at container start time, but need to start as root to do it. I'm assuming ya'll don't want that.

So for now, I think these are good options:

  1. the docs should get updated to match the 999 the container has for freetak's uid/gid
  2. the user creation in the Dockerfile should specify a specific user and group (1000)?
  3. the user creation in the Dockerfile should use a default and let a user pass in env vars to set their own

This PR does 1., but 4. seems "best" for future-proofing. I can make that PR if ya'll would like.

@RadioAndrea is working on the container, not sure which solution is better

brothercorvo avatar Feb 28 '24 16:02 brothercorvo

@RadioAndrea can you please close this?

brothercorvo avatar Apr 02 '24 13:04 brothercorvo

closed because not anymore relevant

brothercorvo avatar May 09 '24 11:05 brothercorvo