From 97c256e89bf99ff67f8f29827988e53dbb99ec19 Mon Sep 17 00:00:00 2001
From: midzelis
Date: Wed, 9 Jul 2025 18:16:56 +0000
Subject: [PATCH] Update docker permissions (dev)
---
 docker/docker-compose.dev.yml | 5 +++--
 server/Dockerfile | 17 +++++++++--------
 web/Dockerfile | 13 +++++++------
 3 files changed, 19 insertions(+), 16 deletions(-)
diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 32ff115102..7782c4d3ca 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -35,6 +35,7 @@ services:
 - /etc/localtime:/etc/localtime:ro
 env_file:
 - .env
+ user: ${SERVER_UID:-0}:${SERVER_GID:-0}
 environment:
 IMMICH_REPOSITORY: immich-app/immich
 IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
@@ -66,8 +67,8 @@ services:
 immich-web:
 container_name: immich_web
 image: immich-web-dev:latest
- # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
- # user: 0:0
+ # user: 0:0 needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+ user: ${WEB_UID:-1000}:${WEB_GID:-1000}
 build:
 context: ../
 dockerfile: web/Dockerfile
diff --git a/server/Dockerfile b/server/Dockerfile
index e082d0e69e..d533cd7c15 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -4,7 +4,12 @@ FROM ghcr.io/immich-app/base-server-dev:202507162011@sha256:85d4230c2208646bd6c5
 WORKDIR /usr/src/app
 COPY ./server/package* ./server/
 WORKDIR /usr/src/app/server
-RUN npm ci && \
+RUN echo "umask 000" | tee /etc/profile /etc/bash.bashrc >/dev/null && \
+ umask 000 && \
+ chmod o+wx /usr/src/app && \
+ chmod o+wx /usr/src/app/server && \
+ mkdir -p /usr/src/app/upload && \
+ npm ci && \
 # exiftool-vendored.pl, sharp-linux-x64 and sharp-linux-arm64 are the only ones we need
 # they're marked as optional dependencies, so we need to copy them manually after pruning
 rm -rf node_modules/@img/sharp-libvips* && \
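Review bot: The added `user: ${SERVER_UID:-0}:${SERVER_GID:-0}` in the first docker-compose.dev.yml hunk falls back to 0:0, so the server container runs as root whenever the two variables are unset. If root is only required for rootless Docker, a non-root default in line with the web service, `user: ${SERVER_UID:-1000}:${SERVER_GID:-1000}`, with 0:0 as the documented opt-in, would keep the common case unprivileged. Neither variable is explained in the visible lines; a comment such as `# set SERVER_UID/SERVER_GID to your host uid/gid; use 0:0 only for rootless docker` would tell developers how to choose them. The service definition continues outside the hunk.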
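Review bot: The rewritten comment in the second docker-compose.dev.yml hunk, `# user: 0:0 needed for rootless docker setup`, now sits directly above an active `user:` line with a different default, so it no longer tells a rootless-Docker user what to do. Stating the action would remove the ambiguity, for example `# rootless docker: set WEB_UID=0 and WEB_GID=0, see https://github.com/moby/moby/issues/45919`.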
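Review bot: In the first server/Dockerfile hunk, `tee` without `-a` replaces /etc/profile and /etc/bash.bashrc with the single line `umask 000`, discarding whatever the base image ships there; `tee -a /etc/profile /etc/bash.bashrc` appends instead, and the same line appears in the web/Dockerfile hunk. Those files are read by login and interactive shells, so a process started directly by the image's entrypoint presumably keeps the default umask, which is worth confirming against the intended scope. Because `umask 000` is in effect for `mkdir` and `npm ci`, /usr/src/app/upload and node_modules come out world-writable, which is only acceptable if no production stage builds on this one; the stage boundaries lie outside the hunk, so a why-comment above the RUN stating that this is dev-only would help. The RUN itself continues past the end of the hunk.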
@@ -26,17 +31,14 @@ RUN apt-get update && \ RUN usermod -aG sudo node RUN echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN mkdir -p /workspaces/immich -RUN chown node -R /workspaces -COPY --chown=node:node --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/ +COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/ -USER node -COPY --chown=node:node .. /tmp/create-dep-cache/ +COPY .. /tmp/create-dep-cache/ WORKDIR /tmp/create-dep-cache RUN make ci-all && rm -rf /tmp/create-dep-cache - FROM dev-container-server AS dev-container-mobile -USER root + # Enable multiarch for arm64 if necessary RUN if [ "$(dpkg --print-architecture)" = "arm64" ]; then \ dpkg --add-architecture amd64 && \ @@ -62,7 +64,6 @@ RUN mkdir -p ${FLUTTER_HOME} \ && rm flutter.tar.xz \ && chown -R node ${FLUTTER_HOME} -USER node RUN sudo apt-get update \ && wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg \ && echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list \ diff --git a/web/Dockerfile b/web/Dockerfile index 3c119fdd4d..966577b3ba 100644 --- a/web/Dockerfile +++ b/web/Dockerfile @@ -1,14 +1,15 @@ FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e -RUN apk add --no-cache tini bash +WORKDIR /usr/src/app/web +COPY ./web/package* ./ -USER node -WORKDIR /usr/src/app - -COPY --chown=node:node ./web/package* ./web/ +RUN apk add --no-cache tini bash && \ + echo "umask 000" | tee /etc/profile /etc/bash.bashrc >/dev/null && \ + chmod o+wx /usr/src/app && \ + chmod o+wx /usr/src/app/web WORKDIR /usr/src/app/web -RUN npm ci +RUN umask 000 && npm ci ENV CHOKIDAR_USEPOLLING=true \ PATH="${PATH}:/usr/src/app/web/bin"
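Review bot: With `USER node` removed ahead of `COPY .. /tmp/create-dep-cache/` in the second server/Dockerfile hunk, `make ci-all` runs as whatever user the base stage leaves active, presumably root, so dependency install scripts execute with root privileges at build time and anything the step caches is written for root rather than for node. The third server/Dockerfile hunk drops the other `USER node` too, so no visible line switches away from root before the dev-container stages end, while the remaining `sudo` calls and `chown -R node ${FLUTTER_HOME}` still assume a node login. If the intent is to let the compose `user:` setting pick the uid, a comment saying so belongs here, and the build step can stay unprivileged by keeping `USER node` around the `make ci-all` step only. The copied scripts also remain `--chmod=777`; `--chmod=755` is enough to execute them. Both stages start and end outside these hunks.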
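Review bot: The web/Dockerfile hunk removes `USER node` and the visible lines set no other user, so the image starts as root wherever it is run without the `user:` override from docker-compose.dev.yml; re-adding `USER node` after the `npm ci` step keeps a non-root default and does not interfere with that override. `WORKDIR /usr/src/app/web` is now declared twice, and the second declaration can be dropped. Because `COPY ./web/package* ./` now precedes the `apk add` RUN, every manifest change also invalidates the package-install layer; moving the COPY below that RUN restores the cache. The file continues past the end of the hunk.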