New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow setting UID and GID when running a docker container #4776

Merged
merged 2 commits into from Oct 13, 2017

Conversation

2 participants
@robertbeal
Copy link
Contributor

robertbeal commented Sep 16, 2017

Fix #3520 by allowing the UID and GID of the git user to be changed by passing the environment variables PUID and GUID in as part of the docker run command.

This is done using usermod and groupmod (included in the shadow package in the alpine testing repo).

Prior to this pull request, gogs files are written using uid/gid 1000:1000 as these are the id's of the docker git user. Which in most cases, may not map to a meaningful user on the host.

sudo docker create \
    --name=gogs \
    -p 22:22 \
    -p 3000:3000 \
    -e PUID=$(id $USER -u) -e PGID=$(id $USER -g) \
    -v /var/gogs:/data \
    -t gogs/gogs

Apologies for changing so much of the finalize.sh script. I had to in order for the container to build correctly (beforehand it would build, but /app/gogs/docker was empty) so that I could test it works.

I've also added a usermod command when creating the git user in a second commit. I believe simply doing passwd -u leaves the user in an insecure state. The usermod command means the user is unlocked but with password disabled.

@robertbeal

This comment has been minimized.

Copy link
Contributor

robertbeal commented Oct 6, 2017

I ended up writing a fresh Dockerfile. I've got the above working, alpine based, using s6 overlay, su-exec (instead of gosu as it's 4kb instead of 1.8mb). The image (compressed) is 16mb smaller than the gogs one (although may be missing a few bits).

But... best of all the container can run in--read-only` mode (don't think the current gogs one can) making it much more prod friendly.

https://github.com/robertbeal/docker-gogs/blob/master/Dockerfile

@Unknwon

This comment has been minimized.

Copy link
Member

Unknwon commented Oct 13, 2017

Thank you!

@Unknwon Unknwon merged commit ce7496a into gogs:develop Oct 13, 2017

2 checks passed

continuous-integration/appveyor/pr AppVeyor build succeeded
Details
continuous-integration/travis-ci/pr The Travis CI build passed
Details
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment