diff --git a/docker-compose.yml b/docker-compose.yml
index b5fa460f6..0ff9b0794 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -31,6 +31,7 @@ services:
 - "traefik.http.routers.photoprism.tls.domains[0].sans=*.localssl.dev"
 - "traefik.http.routers.photoprism.tls=true"
 environment:
+ ## Switch to a non-root user after initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 PHOTOPRISM_UID: ${UID:-1000} # user id, should match your host user id
 PHOTOPRISM_GID: ${GID:-1000} # group id
 PHOTOPRISM_ADMIN_PASSWORD: "photoprism" # initial "admin" password (minimum 8 characters)
diff --git a/docker/examples/arm64/docker-compose.yml b/docker/examples/arm64/docker-compose.yml
index ec1785c7b..59b61b249 100644
--- a/docker/examples/arm64/docker-compose.yml
+++ b/docker/examples/arm64/docker-compose.yml
@@ -94,12 +94,10 @@ services:
 ## Hardware Video Transcoding (for sponsors only due to high maintenance and support costs):
 # PHOTOPRISM_FFMPEG_ENCODER: "raspberry" # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry")
 # PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
- ## Run as a specific user, group, or with a custom umask (does not work together with "user:")
+ ## Switch to a non-root user after initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 # PHOTOPRISM_UID: 1000
 # PHOTOPRISM_GID: 1000
 # PHOTOPRISM_UMASK: 0000
- ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
- # user: "1000:1000"
 ## Share hardware devices with FFmpeg and TensorFlow (optional):
 # devices:
 # - "/dev/video11:/dev/video11" # Raspberry V4L2
diff --git a/docker/examples/armv7/docker-compose.yml b/docker/examples/armv7/docker-compose.yml
index b05ba6484..9a6508b0b 100644
--- a/docker/examples/armv7/docker-compose.yml
+++ b/docker/examples/armv7/docker-compose.yml
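Review bot: The rewritten heading in docker/examples/arm64/docker-compose.yml no longer mentions the umask, yet `# PHOTOPRISM_UMASK: 0000` still sits directly under it, so the option is now undocumented and reads as part of the user switch. The example value is also the most permissive one: a umask of 0000 leaves newly created files and folders writable by every account that can reach the storage volume. I would give the option its own heading, for example `## Optional umask for new files and folders (0000 makes them writable by all users):`, and quote the value as `# PHOTOPRISM_UMASK: "0000"` so it is not left to YAML number parsing. The same applies to the armv7, docker/examples, scheduler and sqlite hunks of this commit.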
@@ -86,12 +86,10 @@ services:
 PHOTOPRISM_SITE_AUTHOR: "" # meta site author
 ## Run/install on first startup (options: update, gpu, tensorflow, davfs, clean):
 # PHOTOPRISM_INIT: "update clean"
- ## Run as a specific user, group, or with a custom umask (does not work together with "user:")
+ ## Switch to a non-root user after initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 # PHOTOPRISM_UID: 1000
 # PHOTOPRISM_GID: 1000
 # PHOTOPRISM_UMASK: 0000
- ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
- # user: "1000:1000"
 ## Share hardware devices with FFmpeg and TensorFlow (optional):
 # devices:
 # - "/dev/video11:/dev/video11" # Video4Linux (h264_v4l2m2m)
diff --git a/docker/examples/docker-compose.yml b/docker/examples/docker-compose.yml
index 4c5694f4c..7ddd4a300 100644
--- a/docker/examples/docker-compose.yml
+++ b/docker/examples/docker-compose.yml
@@ -85,11 +85,11 @@ services:
 ## Hardware Video Transcoding (for sponsors only due to high maintenance and support costs):
 # PHOTOPRISM_FFMPEG_ENCODER: "software" # FFmpeg encoder ("software", "intel", "nvidia", "apple", "raspberry")
 # PHOTOPRISM_FFMPEG_BITRATE: "32" # FFmpeg encoding bitrate limit in Mbit/s (default: 50)
- ## Run as a specific user, group, or with a custom umask (does not work together with "user:")
+ ## Switch to a non-root user after initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 # PHOTOPRISM_UID: 1000
 # PHOTOPRISM_GID: 1000
 # PHOTOPRISM_UMASK: 0000
- ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
+ ## Start as a non-root user before initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 # user: "1000:1000"
 ## Share hardware devices with FFmpeg and TensorFlow (optional):
 # devices:
diff --git a/docker/examples/scheduler/docker-compose.yml b/docker/examples/scheduler/docker-compose.yml
index 3a5fa83ef..0c6371284 100644
--- a/docker/examples/scheduler/docker-compose.yml
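Review bot: In docker/examples/docker-compose.yml the two headings now present `PHOTOPRISM_UID`/`PHOTOPRISM_GID` and `user:` side by side, and the removed wording (does not work together with "user:") was the only hint that they are alternatives. If that restriction still holds, someone who uncomments both would start the container unprivileged and presumably lose the later switch, so the heading above `user:` should say so, e.g. `## Start as a non-root user before initialization; do not combine with PHOTOPRISM_UID/PHOTOPRISM_GID (supported IDs are 33, 50-99, 500-600, and 900-1200):`. The link to the Docker `user` reference was dropped in the same line and could be kept as a trailing comment on `# user: "1000:1000"`.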
+++ b/docker/examples/scheduler/docker-compose.yml
@@ -84,12 +84,10 @@ services:
 PHOTOPRISM_SITE_AUTHOR: "" # meta site author
 ## Run/install on first startup (options: update, gpu, tensorflow, davfs, clitools, clean):
 # PHOTOPRISM_INIT: "gpu tensorflow"
- ## Run as a specific user, group, or with a custom umask (does not work together with "user:")
+ ## Switch to a non-root user after initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 # PHOTOPRISM_UID: 1000
 # PHOTOPRISM_GID: 1000
 # PHOTOPRISM_UMASK: 0000
- ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
- # user: "1000:1000"
 working_dir: "/photoprism" # do not change or remove
 ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
 volumes:
diff --git a/docker/examples/sqlite/docker-compose.yml b/docker/examples/sqlite/docker-compose.yml
index 043073035..843e14506 100644
--- a/docker/examples/sqlite/docker-compose.yml
+++ b/docker/examples/sqlite/docker-compose.yml
@@ -77,12 +77,10 @@ services:
 PHOTOPRISM_SITE_AUTHOR: "" # meta site author
 ## Run/install on first startup (options: update, gpu, tensorflow, davfs, clitools, clean):
 # PHOTOPRISM_INIT: "gpu tensorflow"
- ## Run as a specific user, group, or with a custom umask (does not work together with "user:")
+ ## Switch to a non-root user after initialization (supported IDs are 33, 50-99, 500-600, and 900-1200):
 # PHOTOPRISM_UID: 1000
 # PHOTOPRISM_GID: 1000
 # PHOTOPRISM_UMASK: 0000
- ## Start as a non-root user (see https://docs.docker.com/engine/reference/run/#user)
- # user: "1000:1000"
 working_dir: "/photoprism" # do not change or remove
 ## Storage Folders: "~" is a shortcut for your home directory, "." for the current directory
 volumes:
diff --git a/scripts/dist/create-users.sh b/scripts/dist/create-users.sh
index 22cfab7c9..4b3d3986d 100755
--- a/scripts/dist/create-users.sh
+++ b/scripts/dist/create-users.sh
@@ -32,6 +32,9 @@ groupdel -f 1000 >/dev/null 2>&1 groupadd -f -g 1000 photoprism 1>&2 echo "✅ added group photoprism (1000)" +# add existing www-data user to groups +usermod -a -G photoprism,video,davfs2,renderd,render,videodriver www-data + # create user 'videodriver' userdel -r -f videodriver >/dev/null 2>&1 useradd -u 937 -r -N -g 937 -G photoprism,www-data,video,davfs2,renderd,render -s /bin/bash -m -d "/home/videodriver" videodriver
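Review bot: The added `usermod -a -G photoprism,video,davfs2,renderd,render,videodriver www-data` is the only step in this hunk whose outcome is neither checked nor reported, and usermod rejects the whole list when a single named group is missing, which would leave www-data in none of them. Whether `davfs2`, `renderd`, `render` and `videodriver` already exist at this point cannot be seen from the hunk (the `videodriver` user is only created in the lines that follow), so I would report the result the way the group step above does: `usermod -a -G photoprism,video,davfs2,renderd,render,videodriver www-data 1>&2 && echo "✅ added www-data to groups"`. The call also gives the web server account membership in the video and render device groups, which deserves a comment stating the reason, e.g. `# www-data (33) is a supported PHOTOPRISM_UID, so it needs the same device and storage groups as the other service users`. The script continues outside the hunk.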