From 3f9b888139a2811c65842d492bf8ce2817687a50 Mon Sep 17 00:00:00 2001 From: William Ono Date: Mon, 30 Sep 2019 16:08:09 -0700 Subject: [PATCH] Run php-fpm as different user (#1745) --- docker-compose.yml | 2 ++ env-example | 3 +++ php-fpm/Dockerfile | 9 ++++++++- 3 files changed, 13 insertions(+), 1 deletion(-) diff --git a/docker-compose.yml b/docker-compose.yml index 07c47f6..53dee76 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -190,6 +190,8 @@ services: - ADDITIONAL_LOCALES=${PHP_FPM_ADDITIONAL_LOCALES} - INSTALL_FFMPEG=${PHP_FPM_FFMPEG} - INSTALL_XHPROF=${PHP_FPM_INSTALL_XHPROF} + - PUID=${PHP_FPM_PUID} + - PGID=${PHP_FPM_PGID} - http_proxy - https_proxy - no_proxy diff --git a/env-example b/env-example index 0fd9d9d..b454fec 100644 --- a/env-example +++ b/env-example @@ -193,6 +193,9 @@ PHP_FPM_INSTALL_SSHPASS=false PHP_FPM_FFMPEG=false PHP_FPM_ADDITIONAL_LOCALES="es_ES.UTF-8 fr_FR.UTF-8" +PHP_FPM_PUID=1000 +PHP_FPM_PGID=1000 + ### PHP_WORKER ############################################ PHP_WORKER_INSTALL_PGSQL=false diff --git a/php-fpm/Dockerfile b/php-fpm/Dockerfile index 3e39d2e..4a0fcc8 100644 --- a/php-fpm/Dockerfile +++ b/php-fpm/Dockerfile @@ -759,7 +759,14 @@ RUN apt-get clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \ rm /var/log/lastlog /var/log/faillog -RUN usermod -u 1000 www-data +# Configure non-root user. +ARG PUID=1000 +ENV PUID ${PUID} +ARG PGID=1000 +ENV PGID ${PGID} + +RUN groupmod -o -g ${PGID} www-data && \ + usermod -o -u ${PUID} -g www-data www-data # Adding the faketime library to the preload file needs to be done last # otherwise it will preload it for all commands that follow in this file