Add linuxserver-style PUID and PGID support to the PhotoStructure docker image

I’m adding this feature request to gauge interest in improving user: support for docker users: https://photostructure.com/server/photostructure-for-docker/#library-ownership. This approach uses the --user option alongside userns-remap, which is kind of a PITA.

PhotoStructure doesn’t have any user-specific code in the Dockerfile or image to support users, but Linuxserver docker images typically include this init file which makes the process run as any arbitrary uid and gid.

Please vote for this if you’d rather have PUID/PGID support, instead of using docker’s --user feature.

1 Like

userns is an advanced feature, which cannot be enabled for just a single container and on some systems (e.g. Synology) changing the docker configuration is not exactly supported. Therefore, I’d prefer not needing to set this up.

I’ve just added this to the next build :tada:

Here’s the change to the Dockerfile:


ENV UID=1000
ENV GID=1000

# Get the node:14-alpine-provided "node" user out of the way. It has UID 1000,
# and new ubuntu users have userid 1000.

RUN deluser node && \
  addgroup --gid $GID --system phstr && \
  adduser --uid $UID --system --disabled-password --gecos "" -G phstr phstr && \
  chown -R phstr:phstr /ps/app 

ENTRYPOINT [ "/ps/docker-entrypoint.sh" ]

And here’s the new docker-entrypoint.sh:

#!/bin/sh -ex

# Are we root?
if [ "$(id -ru)" = 0 ]; then
  # Accept either UID or PUID:
  UID=${UID:-${PUID:-1000}}
  # Accept either GID or PGID:
  GID=${GID:-${PGID:-1000}}

  # Change the phstr user and group to match UID/GID:
  usermod -o -u "$UID" phstr
  groupmod -o -g "$GID" phstr
  # We're only chowning the /ps/app to make sure we can read and execute the
  # app.

  # If we recursively chown'ed /ps, that'd include the /ps/library, which
  # could take ages and shouldn't be necessary.
  chown -R phstr:phstr /ps/app

  # `exec tini` to prevent zombies. Start photostructure as user phstr instead
  # of root:
  exec tini -- su phstr node /ps/app/photostructure
else
  # They started docker with --user (and hopefully are using userns!), so we
  # can't do any usermod/groupmod/su shenanigans:
  exec tini -- node /ps/app/photostructure
fi
2 Likes