Allow UID for git user in docker container to be specified via ENV variable

[JohnOmernik]

• Operating system: Docker
• Feature Request:

  Description

  It would be helpful for users who may use NFS or other shared storage for the gogs volume to have the UID of the git user specified in the add user command in build.sh. Basically, a variable such as GIT_UID, if set would invoke the add user command with the speceific user id, if not set, then don't run the command with a UID specified.

Thanks

[unknwon]

cc @0rax

[0rax]

Hi there, sorry for the delay.

The thing being that the Git user is created a the creation of the container and not at runtime does not really allow us to make that configurable on a user to user basis.

Nonetheless, this can still be possible by creating this user during container initialization (before Gogs is started). I totally understand the need for this kind of feature and will definitly try to implement that.

I will keep you informed here, but as said, there is two way to do that:

• At container build time (which requires people to build their own version of the container to run with a specific UID) using Docker build-args.
• Or move the creation of the user during container initialization and using an environment variable, by adding something like this to docker/s6/gogs/setup or docker/start.sh:

GIT_UID=$(GIT_UID:-500) # default

adduser -H -D -g 'Gogs Git User' git -h /data/git -s /bin/bash -u ${GIT_UID} && passwd -u git

Both options are correct, and I would prefer the creation of the user at runtime for ease of use (having to build the container yourself whenever there is an update upstream doesn't feel right when the project is already giving you a container). And this might not be that hard to implement as well, as we already change user at runtime to run gogs (running user is not set staticly in the Dockerfile).

I have some other work to do on the container (upgrade to latest alpine and so on), I will definitly look at it in the mean time.

[davidjb]

Could this be implemented with the ability to set GID as well?

Either way, ability to set UID/GUID would help avoid conflicts of user/group between host and container. Gogs is currently writing files as the git user inside the container, but it ends up as a different user outside because of the UID being reused.

An example of UID/GID setting from env variables, if it helps:
https://github.com/plexinc/pms-docker/blob/d1ea49cc79deaad395f8448a606811aafc64d402/root/etc/cont-init.d/40-plex-first-run#L37

[unknwon]

Do need someone with expertise to propose a PR...

[robertbeal]

Made a PR, hope it's ok. It uses usermod and groupmod to change the id's of the user/group. A fairly common technique for handling this sort of issue. Means the user creation can stay in the build process, the setting of the uid/gid happens at runtime.

Like others, I noticed the file ownership of my /var/gogs directory was 1000:1000 which mapped to my user (when I have a gogs system user for all things gogs) which I didn't want it to.

[unknwon]

This is claimed to be fixed by merging #4776, please help test on develop branch.

[ccvca]

Just one notice: Jenkins does this by a build argument:
https://github.com/jenkinsci/docker/blob/master/Dockerfile-alpine

I do not know the pros and cons for this approach instead of environment variables, ...

[robertbeal]

Both can be done. via build argument means you have to build the container yourself (which can be a nuisance as you'll have to manage changes and updates etc...)

Using environment variable means you can use the official image and specify the ID's at runtime. The downside is that you can't run your container in --read-only mode as this method modifies /etc/passwd.

I run my own image here: https://github.com/robertbeal/docker-gogs. The readme probably better explains the above.