phpqa

If running as non-root, ensure there exists a user with the current UID in the user list

Open dkarlovi opened this issue 2 years ago • 4 comments

If you're passing your SSH keys mounted to the container, they need to have the correct permissions for SSH to want to use them.

Bad owner or permissions on /root/.ssh/config

This goes further: if you pass the correct keys with the correct permissions, SSH still checks the UID matches a known user, it cannot just be UIDs:

No user exists for uid 2000
fatal: Could not read from remote repository.

We could create a user from the entrypoint script if no such user currently exists, this could be as easy as:

# in the entrypoint
useradd -d /home/user -u `id -u` user || true

This would create a user called user with the home set to /home/user or ignore, if the user already exists (you're running as root). It also means you get to mount stuff into it (say, /home/user/.ssh:ro) and it all just works.

dkarlovi avatar Mar 03 '22 09:03 dkarlovi
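As an added illustration of the entrypoint idea above (this is example code, not the phpqa project's own entrypoint), the following POSIX sh snippet does the `getpwuid()`-style lookup that ssh and git perform, creates the `user` account with the runtime UID only when that is still possible, and reports the case the later comments raise: once `docker run --user` has already dropped root, the entrypoint has no privilege to add the entry. The function names `uid_has_entry` and `ensure_user`, the `PASSWD_FILE` override (used so the check can be exercised against a constructed passwd file), and the `user` / `/home/user` names from the original post are assumptions for the example.

```shell
#!/bin/sh
# Added example, not the phpqa project's entrypoint.
# Goal: make sure /etc/passwd has an entry for the UID the container runs as,
# so ssh/git's "No user exists for uid N" lookup succeeds.

# PASSWD_FILE is an assumed override so the check can be tested against a
# constructed file; a real entrypoint would just use /etc/passwd.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"

# uid_has_entry UID [FILE]: exit 0 if some passwd line carries this UID in field 3.
uid_has_entry() {
    uid="$1"
    file="${2:-$PASSWD_FILE}"
    awk -F: -v uid="$uid" '$3 == uid { found = 1 } END { exit found ? 0 : 1 }' "$file"
}

# ensure_user UID [FILE]: print what happened ("exists", "created", "cannot-create").
# useradd edits /etc/passwd and therefore needs root; that is why this step has to
# run in the entrypoint while it is still root, and cannot be done after
# `docker run --user <uid>` has switched the process to an unknown UID.
ensure_user() {
    uid="$1"
    file="${2:-$PASSWD_FILE}"
    if uid_has_entry "$uid" "$file"; then
        echo "exists"
        return 0
    fi
    if [ "$(id -u)" -ne 0 ]; then
        # The entrypoint itself is running as the unknown UID: nothing we can do here.
        echo "cannot-create"
        return 1
    fi
    # Same command as in the original post, with the UID passed in explicitly.
    useradd -d /home/user -u "$uid" user && echo "created"
}
```

In a real entrypoint you would call `ensure_user "$(id -u)"` before `exec`-ing the container command; the `cannot-create` branch is the situation described further down in the thread, where the entrypoint is already running as the non-root UID passed to `docker run` and a plain `useradd` is no longer an option.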

Remind me, why haven't we introduced a non-root user?

Btw, the user could be called "phpqa".

jakzal avatar Mar 04 '22 11:03 jakzal

why haven't we introduced a non-root user?

Not sure.

Btw, the user could be called "phpqa".

:+1: I'm working on this patch as I write this. The important part is to make that user have the same UID you pass in runtime, which is why it (AFAIK) must be in the entrypoint.

dkarlovi avatar Mar 04 '22 11:03 dkarlovi

Oh right, the entrypoint is being run by the user you pass to docker run, meaning it cannot add the user at runtime since it's not root. :thinking:

If we do

USER phpqa

in the Dockerfile, the UID will not match.

dkarlovi avatar Mar 04 '22 12:03 dkarlovi

Looking into adding a SUID root script to do it, should be pretty safe since it's in the container and doing one thing specifically.

dkarlovi avatar Mar 04 '22 12:03 dkarlovi