Choose the user PUID and PGID inside the container

Why isn’t there a way to choose the user PUID and PGID to avoid permission issues?

Also, Discourse is public-facing software with user-uploaded content, so is stuff running as root by default?

There are many ways to fix this, from the Dockerfile itself, to post-boot scripts like s6-overlay.

I suggest creating a user called discourse inside the container and allowing us to start the docker with a variable like -e PUID=1020 then just run this simple shell command somewhere after boot:

groupmod -o -g "$PGID" discourse > /dev/null 2>&1
usermod -o -u "$PUID" discourse > /dev/null 2>&1
chown -R discourse:discourse /any/folder/discourse/needs

That will fix permission issues on the host, add consistency, and improve security.

Because of this I can’t get Discourse back online after chown-ing my /opt directory, where I store all my dockers and run all of them as any arbitrary user I want so I never have issues.

I have no way to guess which PID and GID the discourse container needs either. Not really a good implementation.

Even after a rebuild, even if I rebuild as root, even if I rebuild as my docker user, the permissions are messed up now. This could have been easily prevented with 2 variables and 3 shell commands after container boot.

I’m having the same issue as this guy after boot now… Problem with docker installation

Have you checked? There are multiple non-privileged users for the different services in the container.

If I can’t choose their PUID and PGID this means nothing. Permission issues will still happen, and people will have no idea what supposed user/PUID PGID it should be to fix it.

I don’t think that word means what you think it means. Or rather, “I don’t know how to change them” does not mean “they can’t be changed”.

Oh hey, there already is a user called discourse. Which user specifically do you suggest that environment variable change? Choose carefully because they all control important data.

There are six daemons running in the container – cron, nginx, postgres, redis, syslog, and unicorn. Each of them is started by a runit/runsvdir/runsv script in /etc/service.

The “official” method to modify a container is to add run and replace stanzas in the app.yml and rebuild. (This configuration system is called “pups” if you want to search the forum here for more details.)

For example, you’d change UID/GID for the redis server by modifying the last line in the script:

exec thpoff chpst -u redis -U redis /usr/bin/redis-server /etc/redis/redis.conf

I’d want every relevant user inside it to have the same PID/GID as my host user. Is there any particular reason there are multiple users inside the container?

Regardless, it seems the only way to fix the permissions if you mess them up is to do a clean install. How am I going to know which folders need to be owned by what PID/GID?

For now I removed /discourse from /opt because permission issues were bound to happen again and did a clean install. But really I’d just want simplicity, have a single user that runs everything with the same PID/GID as my host or any arbitrary number…
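
The question of which numeric owner a folder needs can be answered from the container's own /etc/passwd instead of guessing. The script below is an added example, not part of any post in this thread and not Discourse code. It resolves a service account to its UID:GID and lists paths under a host directory that are not owned by that pair. The function names are hypothetical, and the sample passwd entries and their IDs are constructed.

```shell
#!/bin/sh
# Constructed sample of a container's /etc/passwd (IDs are made up for
# illustration). On a real host, save the actual file first, e.g.
#   docker exec <container> cat /etc/passwd > container.passwd
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
redis:x:101:102::/var/lib/redis:/usr/sbin/nologin
postgres:x:103:104:PostgreSQL:/var/lib/postgresql:/bin/bash
discourse:x:1000:1000::/home/discourse:/bin/bash'

# ids_for PASSWD_FILE NAME
# Prints "UID:GID" for the named account; non-zero status if it is absent.
ids_for() {
    awk -F: -v name="$2" '$1 == name { print $3 ":" $4; found = 1 }
        END { exit !found }' "$1"
}

# wrong_owner DIR UID GID
# Prints every path under DIR whose numeric owner or group differs.
wrong_owner() {
    find "$1" \( ! -uid "$2" -o ! -gid "$3" \) -print
}

# audit PASSWD_FILE NAME DIR
# Status 0: everything under DIR is owned by NAME's UID:GID.
# Status 1: mismatching paths were printed.
# Status 2: NAME does not exist in PASSWD_FILE.
audit() {
    ids=$(ids_for "$1" "$2") || { echo "no account $2 in $1" >&2; return 2; }
    bad=$(wrong_owner "$3" "${ids%%:*}" "${ids##*:}")
    [ -z "$bad" ] && return 0
    printf '%s\n' "$bad"
    return 1
}
```

The script only reports. Which account should own which directory still has to come from the service definitions in /etc/service mentioned above.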