Ensure uid, gid for postgres, redis and discourse stays consistent (#835)

tgxworld · web-flow · commit 1d7323204ba9 · 2024-08-22T10:57:29.000+08:00
When updating to `debian/base:bookworm` from `debian/base:bullseye`, we
noticed that the uid of the `postgres` and `redis` user changed leading
to permission issues when trying to access directories of mounted volumn
which was previously created with the old uid. The change is because the
`_apt` user is assigned a uid of `42` in Debian bookworm instead of `100`
in Debian bullseye. As a result, the `postgres` user created by the `postgres`
package is automatically assigned a uid of `100` in Debian bookworm instead of `101` in Debian
bullseye.

This commit updates the `slim.Dockefile` to manually add the `postgres`
user and group assigning it a gid of `104` and uid of `101`. The `redis`
user and group is assigned a uid of `103` and a gid of `106`. The
`discourse` user and group is assigned a uid of `1000` and gid of
`1000`.
diff --git a/image/base/slim.Dockerfile b/image/base/slim.Dockerfile
@@ -17,8 +17,16 @@ ENV PG_MAJOR=13 \
 
 #LABEL maintainer="Sam Saffron \"https://twitter.com/samsaffron\""
 
-RUN echo 2.0.`date +%Y%m%d` > /VERSION
+# Ensures that the gid and uid of the following users are consistent to avoid permission issues on directories in the
+# mounted volumes.
+RUN groupadd --gid 104 postgres &&\
+    useradd --uid 101 --gid 104 --home /var/lib/postgresql --shell /bin/bash -c "PostgreSQL administrator,,," postgres &&\
+    groupadd --gid 106 redis &&\
+    useradd --uid 103 --gid 106 --home /var/lib/redis --shell /usr/sbin/nologin redis &&\
+    groupadd --gid 1000 discourse &&\
+    useradd --uid 1000 --gid 1000 -m --shell /bin/bash discourse
 
+RUN echo 2.0.`date +%Y%m%d` > /VERSION
 RUN echo "deb http://deb.debian.org/debian ${DEBIAN_RELEASE}-backports main" > "/etc/apt/sources.list.d/${DEBIAN_RELEASE}-backports.list"
 RUN echo "debconf debconf/frontend select Teletype" | debconf-set-selections
 RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install gnupg sudo curl fping
@@ -128,7 +136,6 @@ COPY etc/  /etc
 COPY sbin/ /sbin
 
 # Discourse specific bits
-RUN useradd discourse -s /bin/bash -m -U &&\
-    install -dm 0755 -o discourse -g discourse /var/www/discourse &&\
+RUN install -dm 0755 -o discourse -g discourse /var/www/discourse &&\
     sudo -u discourse git clone --filter=tree:0 https://github.com/discourse/discourse.git /var/www/discourse &&\
     gem install bundler --conservative -v $(awk '/BUNDLED WITH/ { getline; gsub(/ /,""); print $0 }' /var/www/discourse/Gemfile.lock)
