frankenphp icon indicating copy to clipboard operation
frankenphp copied to clipboard
verified publisher icon php

docs: useradd issue

Open adrianrudnik opened this issue 1 year ago • 3 comments

What happened?

I'm currently working through https://frankenphp.dev/docs/docker/#running-with-no-capabilities and see the line useradd -D ${USER}; mentioned several times.

Following through the example:

docker run -it --rm dunglas/frankenphp bash
export USER=www-data
useradd -D ${USER}

just prints the commands help.

-D for useradd is print or change default useradd configuration. -D for adduser is Don't assign a password

From my understanding the intention is to add a user www-data without a password on debian? That would be useradd without specifying -p. But even then

cat /etc/passwd | grep www-data

show the user already exists, so can it be omitted because it serves nothing?

Build Type

Docker (Debian Bookworm)

Worker Mode

Yes

Operating System

GNU/Linux

CPU Architecture

x86_64

PHP configuration

The one installed in the docker image dunglas/frankenphp

Relevant log output

No response

adrianrudnik avatar Dec 01 '24 14:12 adrianrudnik

In addition, in the upstream image, the home folder for the user www-data is configured to be /var/www:

cat /etc/passwd | grep www-data
> www-data:x:33:33:www-data:/var/www:/usr/sbin/nologin

but the user has no access to it, as everything is owned by root

ls -ldh /var/www
drwxr-xr-x 3 root root 4.0K Nov 21 17:54 /var/www

Any reason why /app is preferred over `/var/www'?

adrianrudnik avatar Dec 01 '24 15:12 adrianrudnik

You're right, www-data already exists in all the official php images. I'd go a step further and change the user id of www-data to 1000 like this image does (so file permissions are correctly mapped when using the image locally).

As for /app vs /var/www, I think /app is a container convention. Before containers, application files usually were just copied to a permanently running server, in other words they were 'variable' and therefore put into the var folder. Containers are usually deployed as a whole and the application files aren't changed afterwards.

AlliBalliBaba avatar Dec 02 '24 20:12 AlliBalliBaba

I found the -D issue in the docs and made a PR to fix it here: #1243

I think that's helpful regardless of the existing www-data account, because people might want to use other named accounts. Maybe the example name in the docs should be changed though.

kohenkatz avatar Dec 13 '24 02:12 kohenkatz