Document usage as non-root user

offen · Feb 17, 2024 · b903b67 · b903b67
1 parent 83fc3dc
commit b903b67
Show file tree

Hide file tree

Showing 6 changed files with 61 additions and 4 deletions.
diff --git a/docs/how-tos/replace-deprecated-backup-from-snapshot.md b/docs/how-tos/replace-deprecated-backup-from-snapshot.md
@@ -2,7 +2,7 @@
 title: Replace deprecated BACKUP_FROM_SNAPSHOT usage
 layout: default
 parent: How Tos
-nav_order: 16
+nav_order: 17
 ---
 
 # Replace deprecated `BACKUP_FROM_SNAPSHOT` usage

diff --git a/docs/how-tos/replace-deprecated-backup-stop-container-label.md b/docs/how-tos/replace-deprecated-backup-stop-container-label.md
@@ -2,7 +2,7 @@
 title: Replace deprecated BACKUP_STOP_CONTAINER_LABEL setting
 layout: default
 parent: How Tos
-nav_order: 19
+nav_order: 20
 ---
 
 # Replace deprecated `BACKUP_STOP_CONTAINER_LABEL` setting

diff --git a/docs/how-tos/replace-deprecated-exec-labels.md b/docs/how-tos/replace-deprecated-exec-labels.md
@@ -2,7 +2,7 @@
 title: Replace deprecated exec-pre and exec-post labels
 layout: default
 parent: How Tos
-nav_order: 17
+nav_order: 18
 ---
 
 # Replace deprecated `exec-pre` and `exec-post` labels

diff --git a/docs/how-tos/run-rootless.md b/docs/how-tos/run-rootless.md
@@ -0,0 +1,36 @@
+---
+title: Use the image as a non-root user
+layout: default
+parent: How Tos
+nav_order: 16
+---
+
+# Use the image as a non-root user
+
+{: .important }
+Running as a non-root user limits interaction with the Docker Daemon.
+If you want to stop and restart containers and services during backup, and the host's Docker daemon is running as root, you will also need to run this tool as root.
+
+By default, this image executes backups using the `root` user.
+In case you prefer to use a different user, you can use Docker's [`user` ](https://docs.docker.com/engine/reference/run/#user) option, passing the user and group id:
+
+```console
+docker run --rm \
+  -v data:/backup/data \
+  --env AWS_ACCESS_KEY_ID="<xxx>" \
+  --env AWS_SECRET_ACCESS_KEY="<xxx>" \
+  --env AWS_S3_BUCKET_NAME="<xxx>" \
+  --entrypoint backup \
+  --user 1000:1000 \
+  offen/docker-volume-backup:v2
+```
+
+or in a compose file:
+
+```yml
+services:
+  backup:
+    image: offen/docker-volume-backup:v2
+    user: 1000:1000
+    # further configuration omitted ...
+```
diff --git a/docs/how-tos/update-deprecated-email-config.md b/docs/how-tos/update-deprecated-email-config.md
@@ -2,7 +2,7 @@
 title: Update deprecated email configuration
 layout: default
 parent: How Tos
-nav_order: 18
+nav_order: 19
 ---
 
 # Update deprecated email configuration

diff --git a/docs/recipes/index.md b/docs/recipes/index.md
@@ -371,3 +371,24 @@ volumes:
   data_1:
   data_2:
 ```
+
+## Running as a non-root user
+
+```yml
+version: '3'
+
+services:
+  # ... define other services using the `data` volume here
+  backup:
+    image: offen/docker-volume-backup:v2
+    user: 1000:1000
+    environment:
+      AWS_S3_BUCKET_NAME: backup-bucket
+      AWS_ACCESS_KEY_ID: AKIAIOSFODNN7EXAMPLE
+      AWS_SECRET_ACCESS_KEY: wJalrXUtnFEMI/K7MDENG/bPxRfiCYEXAMPLEKEY
+    volumes:
+      - data:/backup/my-app-backup:ro
+
+volumes:
+  data:
+```