Update docker permissions (dev)

docker/docker-compose.dev.yml

@@ -35,6 +35,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
+    user: ${SERVER_UID:-0}:${SERVER_GID:-0}
     environment:
       IMMICH_REPOSITORY: immich-app/immich
       IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
@@ -66,8 +67,8 @@ services:
   immich-web:
     container_name: immich_web
     image: immich-web-dev:latest
-    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+    # user: 0:0 needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
-    # user: 0:0
+    user: ${WEB_UID:-1000}:${WEB_GID:-1000}
     build:
       context: ../
       dockerfile: web/Dockerfile

server/Dockerfile

@@ -4,7 +4,12 @@ FROM ghcr.io/immich-app/base-server-dev:202507162011@sha256:85d4230c2208646bd6c5
 WORKDIR /usr/src/app
 COPY ./server/package* ./server/
 WORKDIR /usr/src/app/server
-RUN npm ci && \
+RUN  echo "umask 000" | tee /etc/profile /etc/bash.bashrc >/dev/null && \
+  umask 000 && \
+  chmod o+wx /usr/src/app && \
+  chmod o+wx /usr/src/app/server && \
+  mkdir -p /usr/src/app/upload && \
+  npm ci && \
   # exiftool-vendored.pl, sharp-linux-x64 and sharp-linux-arm64 are the only ones we need
   # they're marked as optional dependencies, so we need to copy them manually after pruning
   rm -rf node_modules/@img/sharp-libvips* && \
@@ -26,17 +31,14 @@ RUN apt-get update && \
 RUN usermod -aG sudo node
 RUN echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 RUN mkdir -p /workspaces/immich
-RUN chown node -R /workspaces
+COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
-COPY --chown=node:node --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
 
-USER node
+COPY .. /tmp/create-dep-cache/
-COPY --chown=node:node .. /tmp/create-dep-cache/
 WORKDIR /tmp/create-dep-cache
 RUN make ci-all && rm -rf /tmp/create-dep-cache
 
-
 FROM dev-container-server AS dev-container-mobile
-USER root
+
 # Enable multiarch for arm64 if necessary
 RUN if [ "$(dpkg --print-architecture)" = "arm64" ]; then \
   dpkg --add-architecture amd64 && \
@@ -62,7 +64,6 @@ RUN mkdir -p ${FLUTTER_HOME} \
   && rm flutter.tar.xz \
   && chown -R node ${FLUTTER_HOME}
 
-USER node
 RUN sudo apt-get update \
   && wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg \
   && echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list \

web/Dockerfile

@@ -1,14 +1,15 @@
 FROM node:22.16.0-alpine3.20@sha256:2289fb1fba0f4633b08ec47b94a89c7e20b829fc5679f9b7b298eaa2f1ed8b7e
 
-RUN apk add --no-cache tini bash
+WORKDIR /usr/src/app/web
+COPY ./web/package* ./
 
-USER node
+RUN apk add --no-cache tini bash && \
-WORKDIR /usr/src/app
+  echo "umask 000" | tee /etc/profile /etc/bash.bashrc >/dev/null && \
-
+  chmod o+wx /usr/src/app && \
-COPY --chown=node:node ./web/package* ./web/
+  chmod o+wx /usr/src/app/web
 
 WORKDIR /usr/src/app/web
-RUN npm ci
+RUN umask 000 && npm ci
 
 ENV CHOKIDAR_USEPOLLING=true \
   PATH="${PATH}:/usr/src/app/web/bin"