From fc4de38267e68a812d3d6dec5967fe4b7b4b6d33 Mon Sep 17 00:00:00 2001
From: midzelis
Date: Wed, 9 Jul 2025 18:16:56 +0000
Subject: [PATCH] Update docker permissions (dev)
---
 docker/docker-compose.dev.yml | 5 +++--
 server/Dockerfile | 17 +++++++++--------
 2 files changed, 12 insertions(+), 10 deletions(-)
diff --git a/docker/docker-compose.dev.yml b/docker/docker-compose.dev.yml
index 32ff115102..5cc87d403b 100644
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@@ -35,6 +35,7 @@ services:
 - /etc/localtime:/etc/localtime:ro
 env_file:
 - .env
+ user: ${S_UID:-0}:${S_GID:-0}
 environment:
 IMMICH_REPOSITORY: immich-app/immich
 IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
@@ -66,8 +67,8 @@ services:
 immich-web:
 container_name: immich_web
 image: immich-web-dev:latest
- # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
- # user: 0:0
+ # user: 0:0 needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+ user: ${W_UID:-1000}:${W_GID:-1000}
 build:
 context: ../
 dockerfile: web/Dockerfile
diff --git a/server/Dockerfile b/server/Dockerfile
index e082d0e69e..8b4c6e95cc 100644
--- a/server/Dockerfile
+++ b/server/Dockerfile
@@ -4,7 +4,12 @@ FROM ghcr.io/immich-app/base-server-dev:202507162011@sha256:85d4230c2208646bd6c5
 WORKDIR /usr/src/app
 COPY ./server/package* ./server/
 WORKDIR /usr/src/app/server
-RUN npm ci && \
+RUN echo "umask 000" >> /etc/profile && \
+ echo "umask 000" >> /etc/bash.bashrc && \
+ umask 000 && \
+ chmod o+wx /usr/src/app && \
+ chmod o+wx /usr/src/app/server && \
+ npm ci && \
 # exiftool-vendored.pl, sharp-linux-x64 and sharp-linux-arm64 are the only ones we need
 # they're marked as optional dependencies, so we need to copy them manually after pruning
 rm -rf node_modules/@img/sharp-libvips* && \
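Review bot: The fallback in `user: ${S_UID:-0}:${S_GID:-0}` runs the server container as root whenever the variables are unset, while the web service in the next hunk falls back to `1000:1000`, and neither pair of variables is explained in these hunks. If root is the intended default for the server, record that next to the key, e.g. `# S_UID/S_GID: UID/GID the server runs as; unset = 0:0 (root), otherwise set to your host id -u / id -g`. The rewritten comment above `user: ${W_UID:-1000}:${W_GID:-1000}` says 0:0 is needed for rootless Docker but no longer shows how to get it; `# rootless docker: set W_UID=0 W_GID=0, see https://github.com/moby/moby/issues/45919` would make that explicit.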
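Review bot: `umask 000` combined with `chmod o+wx /usr/src/app` and `chmod o+wx /usr/src/app/server` makes the application directories and everything `npm ci` installs writable by every UID in the container, so any process there can replace code the server later executes. If another stage builds on this one or copies `node_modules` out of it (not visible in this hunk), those modes would travel with the files. A narrower grant would be group-based, `umask 002 && chmod g+wx /usr/src/app /usr/src/app/server && npm ci && \`, assuming the container always runs with GID 0. The two `echo "umask 000"` lines only take effect in login shells (`/etc/profile`) and interactive bash (`/etc/bash.bashrc`), so a process started directly by the entrypoint will presumably not inherit that umask. The RUN instruction continues past the end of the hunk.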
@@ -26,17 +31,14 @@ RUN apt-get update && \ RUN usermod -aG sudo node RUN echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers RUN mkdir -p /workspaces/immich -RUN chown node -R /workspaces -COPY --chown=node:node --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/ +COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/ -USER node -COPY --chown=node:node .. /tmp/create-dep-cache/ +COPY .. /tmp/create-dep-cache/ WORKDIR /tmp/create-dep-cache RUN make ci-all && rm -rf /tmp/create-dep-cache - FROM dev-container-server AS dev-container-mobile -USER root + # Enable multiarch for arm64 if necessary RUN if [ "$(dpkg --print-architecture)" = "arm64" ]; then \ dpkg --add-architecture amd64 && \ @@ -62,7 +64,6 @@ RUN mkdir -p ${FLUTTER_HOME} \ && rm flutter.tar.xz \ && chown -R node ${FLUTTER_HOME} -USER node RUN sudo apt-get update \ && wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg \ && echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list \
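Review bot: `COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/` leaves the devcontainer scripts writable by every UID even though nothing in the hunk writes to them afterwards; `--chmod=755` keeps them executable for an arbitrary run-as user without letting that user rewrite them. With both `USER node` lines removed here (and the one in the last hunk), `make ci-all` and every later RUN in this stage and in dev-container-mobile execute as whatever user the base image sets, presumably root, and no USER is restored inside the hunk. If the intent is that the compose `user:` key alone decides the runtime identity, a comment such as `# built as root; runtime UID/GID come from docker-compose user:` above the COPY would record it. The stage begins before the hunk.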