Consider adding a user

[enjunear]

Per dockerfile docs, consider adding a user to the container and running as that user, instead of running as root.

[tianon]

Since we're FROM node, we inherit the node user it creates, which we step down to after adjusting permissions:

ghost/4/debian/docker-entrypoint.sh

Lines 4 to 8 in f9e2173

	# allow the container to be started with `--user`
	if [[ "$*" == node*current/index.js* ]] && [ "$(id -u)" = '0' ]; then
	find "$GHOST_CONTENT" \! -user node -exec chown node '{}' +
	exec gosu node "$BASH_SOURCE" "$@"
	fi

[enjunear]

Indeed.
Shouldn't the chowning be done in the Dockerfile?

[tianon]

The chown that's happening in the entrypoint script is happening on the user-provided volume, not on the contents of the image (we do in fact do as much chowning in the Dockerfile as we can 😅).

[rabume]

I would like to use the docker image for local theme development, but my host user has not the uid / gid 1000.
Container rewrites all the permissions which makes it impossible to work on my theme. Here is an example of a ghost theme with a containerized dev env: https://github.com/eddiesigner/liebling/wiki/Theme-development-with-Docker

If we could define the user from the outside this would make things a lot easier.

[yosifkit]

If we could define the user from the outside this would make things a lot easier.

Use the --user flag on docker run with the user and group ids that you need. The image is designed such that any value but root should work (#54).

[rabume]

Thanks for the response. I tried this flag before already but still dace the same issue. Binded host files / folder the permission gets set to the root user. Theonly thing that made it semi work was a custom docker image in wich I set the user bur then I get the issue that ghost can not read ceratin files anymore. (e.g casper theme)