Moved to a non-root model.

[Vylyne]

Brief summary

Moved to non-root user model.

Which issue is fixed?

Related to questions in #4471
Superseeds #4700

In-depth Description

• Added buildargs to specify the User ID and Group IDs.
• entrypoint now defaults to running as 1000:1000 rather then 0:0.
  I noticed myself I had some issues initially running with the user directive.

How have you tested this?

I'm running on a build with only this change incorporated.
ghcr.io/vylyne/audiobookshelf:dev-non-root-use

Screenshots

[Ionshard]

Does this not force the non-root user to always be 1000:1000, since the ARG is baked into the image. I try and run my docker containers as their own user/group. This wouldn't allow that.

e.g. I have a audiobookshelf user with UID 983. I do this because the base user of the server is UID 1000 and I don't want the docker to have access to the base user's files.

[Vylyne]

not exactly, It uses the build time arguments to set what user the container will run the entrypoint as if no user directive is added. When the User directive is used, then the entry point is always run as what ever UID:GID is provided by the user directive.|

so if you use the docker run ... --user 983:983 ... or use the user: 983:983 in docker compose the container will be running as that user no matter what is specified in the docker file.

If you're building your own image you can edit the args, or add the build argument values that you want to the build command and you won't need to the --user or user: directive. So that's the "better" way to do it but the easy way is using the image and just forcing what you want it to be at runtime, it works just as well and you should be able to just change it to anything you want.

Only other change On this I'm thinking could be added is to see if there's something in tini or in index.js that we could/should add to prevent a user for user --user 0:0, like just have it exit out and throw an error that it should not be run as root.

[voruti]

Only other change On this I'm thinking could be added is to see if there's something in tini or in index.js that we could/should add to prevent a user for user --user 0:0, like just have it exit out and throw an error that it should not be run as root.

I think this shouldn't be forced. The default should be non-root, as that's best practice, but if someone explicitly wants to use root, they should be allowed to do so.

Edit: maybe add a warning when running as root?

[Vylyne]

I think this shouldn't be forced. The default should be non-root, as that's best practice, but if someone explicitly wants to use root, they should be allowed to do so.

Yeah that was my thought too

Edit: maybe add a warning when running as root?
If we did that I'd suggest it should be in the Interface and the logs. Not just the logs cause someone who does it by accident may not see the logs. But yeah I think adding any protections or warnings around running as root would be a different change anyway.

So I'll leave this as is, just doing the move away from running as root to a default non-root users.

I did want to pick a different default user ID but with most major linux distro's starting users at 1000 I went with that because it's the lowest barrier for the least experienced user to use. Since that's likely the UID they're using when they're logging in to the host, (if not root).