Run as different user than root?

[Tofandel]

I run docker compose as an user other than root and to avoid filesystem permissions issues on my mounted files I change the user and group id to match the user running docker

smtp:
        image: mwader/postfix-relay
        restart: always
        user: 1000:1000
        volumes:
            -  ./data/dkim:/etc/opendkim/keys

Unfortunately the image fails to run with another user than root /bin/bash: /root/run: Permission denied

[wader]

Hey, yeah /root/run is probably own by root by default, we can probably change permission etc on it but i guess the problem with running as non-root is how to know which uid/gid to use? it there any convention for it? could it be done optionally? not sure i have much time to look into it atm but feel to research it or propose something

[Tofandel]

It's a very big and large problem in docker this volume permissions but unfortunately they are not doing anything about it

So right now we have to use hacks and bake gosu into the image entrypoint to achieve that

It can be made optional with an env var, since it will still run as root but execute the entrypoint as the specified user with the GID and UID taken from a file in a mounted volume

[wader]

Yeap that is my experience with it also, is a mess. Wonder if it would be possible in the postfix-relay case to generate config files with uid/gid to use? maybe postfix supports it? no idea.