add user-IDs to all containers

Signed-off-by: Simon L. <[email protected]>

Containers/apache/Dockerfile

@@ -81,7 +81,7 @@ RUN set -ex; \
     \
     echo "root:$(openssl rand -base64 12)" | chpasswd
 
-USER www-data
+USER 33
 
 ENTRYPOINT ["/start.sh"]
 CMD ["/usr/bin/supervisord", "-c", "/supervisord.conf"]

Containers/clamav/Dockerfile

@@ -19,7 +19,7 @@ RUN set -ex; \
 
 VOLUME /var/lib/clamav
 
-USER clamav
+USER 100
 
 LABEL com.centurylinklabs.watchtower.enable="false"
 

Containers/imaginary/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM golang:1.23.2-alpine3.20 AS go
 
-ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
+ENV IMAGINARY_HASH=8f36a26c448be8c151a3878404b75fcd1cd3cf0c
 
 RUN set -ex; \
     apk add --no-cache \
@@ -33,7 +33,7 @@ COPY --chmod=775 start.sh /start.sh
 
 ENV PORT=9000
 
-USER nobody
+USER 65534
 
 # https://github.com/h2non/imaginary#memory-issues
 ENV MALLOC_ARENA_MAX=2

Containers/postgresql/Dockerfile

@@ -39,7 +39,7 @@ RUN set -ex; \
 
 VOLUME /mnt/data
 
-USER postgres
+USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD /healthcheck.sh

Containers/redis/Dockerfile

@@ -14,7 +14,7 @@ RUN set -ex; \
 # Get rid of unused binaries
     rm -f /usr/local/bin/gosu;
 
-USER redis
+USER 999
 ENTRYPOINT ["/start.sh"]
 
 HEALTHCHECK CMD redis-cli -a $REDIS_HOST_PASSWORD PING || exit 1

Containers/talk-recording/Dockerfile

@@ -28,7 +28,7 @@ RUN set -ex; \
         build-base \
         linux-headers \
         geckodriver; \
-    useradd -d /tmp --system recording; \
+    useradd -d /tmp --system recording -u 1000; \
 # Give root a random password
     echo "root:$(openssl rand -base64 12)" | chpasswd; \
     git clone --recursive https://github.com/nextcloud/nextcloud-talk-recording --depth=1 --single-branch --branch "$RECORDING_VERSION" /src; \
@@ -49,7 +49,7 @@ RUN set -ex; \
         linux-headers;
 
 WORKDIR /tmp
-USER recording
+USER 1000
 ENTRYPOINT ["/start.sh"]
 CMD ["python", "-m", "nextcloud.talk.recording", "--config", "/conf/recording.conf"]
 

Containers/talk/Dockerfile

@@ -99,7 +99,7 @@ RUN set -ex; \
     ln -s /opt/eturnal/bin/stun /usr/local/bin/stun; \
     ln -s /opt/eturnal/bin/eturnalctl /usr/local/bin/eturnalctl
 
-USER eturnal
+USER 1000
 ENTRYPOINT ["/start.sh"]
 CMD ["supervisord", "-c", "/supervisord.conf"]
 

Containers/whiteboard/Dockerfile

@@ -1,7 +1,7 @@
 # syntax=docker/dockerfile:latest
 FROM ghcr.io/nextcloud-releases/whiteboard:v1.0.4
 
-USER root
+USER 65534
 RUN set -ex; \
     apk upgrade --no-cache -a; \
     apk add --no-cache bash

manual-install/update-yaml.sh

@@ -19,6 +19,7 @@ OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].backup_volumes)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].nextcloud_exec_commands)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].image_tag)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].networks)')"
+OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[].documentation)')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-watchtower"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-domaincheck"))')"
 OUTPUT="$(echo "$OUTPUT" | jq 'del(.services[] | select(.container_name == "nextcloud-aio-borgbackup"))')"

php/containers-schema.json

@@ -68,6 +68,9 @@
 					"stop_grace_period": {
 						"type": "integer"
 					},
+					"user": {
+						"type": "integer"
+					},
 					"ports": {
 						"type": "array",
 						"items": {

php/containers.json

@@ -13,6 +13,7 @@
       ],
       "display_name": "Apache",
       "image": "nextcloud/aio-apache",
+      "user": 33,
       "init": true,
       "ports": [
         {
@@ -78,6 +79,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Database",
       "image": "nextcloud/aio-postgresql",
+      "user": 999,
       "init": true,
       "expose": [
         "5432"
@@ -251,6 +253,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Notify Push",
       "image": "nextcloud/aio-notify-push",
+      "user": 33,
       "init": true,
       "expose": [
         "7867"
@@ -292,6 +295,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Redis",
       "image": "nextcloud/aio-redis",
+      "user": 999,
       "init": true,
       "expose": [
         "6379"
@@ -328,6 +332,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Collabora",
       "image": "nextcloud/aio-collabora",
+      "user": 100,
       "init": true,
       "expose": [
         "9980"
@@ -366,6 +371,7 @@
       "documentation": "https://github.com/nextcloud/all-in-one/discussions/1358",
       "display_name": "Talk",
       "image": "nextcloud/aio-talk",
+      "user": 1000,
       "init": true,
       "ports": [
         {
@@ -422,6 +428,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Talk Recording",
       "image": "nextcloud/aio-talk-recording",
+      "user": 1000,
       "init": true,
       "expose": [
         "1234"
@@ -575,6 +582,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "ClamAV",
       "image": "nextcloud/aio-clamav",
+      "user": 100,
       "init": false,
       "expose": [
         "3310"
@@ -655,6 +663,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Imaginary",
       "image": "nextcloud/aio-imaginary",
+      "user": 65534,
       "init": true,
       "expose": [
         "9000"
@@ -760,6 +769,7 @@
       "image_tag": "%AIO_CHANNEL%",
       "display_name": "Whiteboard",
       "image": "nextcloud/aio-whiteboard",
+      "user": 65534,
       "init": true,
       "expose": [
         "3002"