Run docker container as non-root user #152

Open
kidwellj opened this issue Aug 28, 2022 · 2 comments

@kidwellj

It's my understanding that running docker containers as root isn't ideal. The current configuration, which runs internally as www-data and externally as root, can create some problems with access to permissions on the /music folder, and it's rather difficult to change the user after the container has been created, so this can't be sorted by simply adding a docker compose line user: $UID:$GID, as subsequent access to the contents of the container by www-data (or whatever) is broken. It seems to me that it would be relatively trivial to map www-data onto a custom UID which could then, by extension, map onto a user account on the host OS. Has there been discussion on this before and perhaps some options ruled out? I'm happy to add a pull-request, but am aware there are several ways to do it.

@phanan
Member

phanan commented Aug 30, 2022

I admittedly am no Docker expert, so feel free to send a PR over if you think this is something that can use some improvements :)

@martijnende

For those who came across the same issue, here is what I did to run everything as a local user (let's call it asterix, with uid=1000,gid=1000):

  1. Get the source files from GitHub.
  2. Modify Dockerfile, adding RUN useradd --groups www-data --password asterix --no-create-home asterix and changing chown www-data:www-data into chown asterix:asterix. Make sure to do the useradd before any chown is executed.
  3. In the docker compose file, replace image: phanan/koel with:
     build:
       context: .
       dockerfile: "Dockerfile"
  4. Also in the compose file, add user: "1000:1000" to all services.
  5. For the first run, use docker exec --user asterix -it <container_name_for_koel> bash.
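
A check for the "add user: to all services" step above, as an added example that is not part of the original comment or of the koel project: it audits the resolved compose configuration (the JSON printed by docker compose config --format json) and reports every service that does not pin a non-root user. The sample configuration is constructed, and every service name and image other than the koel build is an assumption.

```python
import json

# Constructed sample in the shape printed by `docker compose config --format json`.
# Service names and the example/* images are assumptions for illustration.
SAMPLE_CONFIG = json.loads("""
{
  "services": {
    "koel":     {"build": {"context": ".", "dockerfile": "Dockerfile"}, "user": "1000:1000"},
    "database": {"image": "example/db"},
    "worker":   {"image": "example/worker", "user": "root"},
    "cache":    {"image": "example/cache", "user": "0:1000"},
    "search":   {"image": "example/search", "user": ":"}
  }
}
""")

ROOT_NAMES = {"root", "0"}


def user_finding(user):
    """Return a reason string if `user` does not pin a non-root user, else None."""
    if user is None:
        # Only the compose-level override is checked; the image may still set USER.
        return "no user: key (image default applies)"
    uid = str(user).split(":", 1)[0].strip()
    if uid == "":
        # e.g. user: $UID:$GID where the variables were not set for compose
        return "empty UID (unset variable?)"
    if uid in ROOT_NAMES or (uid.isdigit() and int(uid) == 0):
        return "runs as root"
    return None


def audit(config):
    """Map service name -> finding for every service lacking a non-root user."""
    findings = {}
    for name, svc in sorted(config.get("services", {}).items()):
        reason = user_finding(svc.get("user"))
        if reason:
            findings[name] = reason
    return findings


if __name__ == "__main__":
    for name, reason in audit(SAMPLE_CONFIG).items():
        print(f"{name}: {reason}")
```

A service reported with "no user: key" is not necessarily root; it runs as whatever user its image defines, so that image's Dockerfile needs checking separately.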
