Update docker permissions (dev)

Author: midzelis

docker/docker-compose.dev.yml

@@ -35,6 +35,7 @@ services:
       - /etc/localtime:/etc/localtime:ro
     env_file:
       - .env
+    user: ${S_UID:-0}:${S_GID:-0}
     environment:
       IMMICH_REPOSITORY: immich-app/immich
       IMMICH_REPOSITORY_URL: https://github.com/immich-app/immich
@@ -66,8 +67,8 @@ services:
   immich-web:
     container_name: immich_web
     image: immich-web-dev:latest
-    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
-    # user: 0:0
+    # user: 0:0 needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
+    user: ${W_UID:-1000}:${W_GID:-1000}
     build:
       context: ../
       dockerfile: web/Dockerfile

server/Dockerfile

@@ -4,7 +4,12 @@ FROM ghcr.io/immich-app/base-server-dev:202507091427@sha256:733e510024e03bc24506
 WORKDIR /usr/src/app
 COPY ./server/package* ./server/
 WORKDIR /usr/src/app/server
-RUN npm ci && \
+RUN echo "umask 000" >> /etc/profile && \
+  echo "umask 000" >> /etc/bash.bashrc && \
+  umask 000 && \
+  chmod o+wx /usr/src/app && \
+  chmod o+wx /usr/src/app/server && \
+  npm ci && \
   # exiftool-vendored.pl, sharp-linux-x64 and sharp-linux-arm64 are the only ones we need
   # they're marked as optional dependencies, so we need to copy them manually after pruning
   rm -rf node_modules/@img/sharp-libvips* && \
@@ -26,17 +31,14 @@ RUN apt-get update && \
 RUN usermod -aG sudo node
 RUN echo "node ALL=(ALL) NOPASSWD: ALL" >> /etc/sudoers
 RUN mkdir -p /workspaces/immich
-RUN chown node -R /workspaces
-COPY --chown=node:node --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
+COPY --chmod=777 ../.devcontainer/server/*.sh /immich-devcontainer/
 
-USER node
-COPY --chown=node:node .. /tmp/create-dep-cache/
+COPY .. /tmp/create-dep-cache/
 WORKDIR /tmp/create-dep-cache
 RUN make ci-all && rm -rf /tmp/create-dep-cache
 
-
 FROM dev-container-server AS dev-container-mobile
-USER root
+
 # Enable multiarch for arm64 if necessary
 RUN if [ "$(dpkg --print-architecture)" = "arm64" ]; then \
   dpkg --add-architecture amd64 && \
@@ -62,7 +64,6 @@ RUN mkdir -p ${FLUTTER_HOME} \
   && rm flutter.tar.xz \
   && chown -R node ${FLUTTER_HOME}
 
-USER node
 RUN sudo apt-get update \
   && wget -qO- https://dcm.dev/pgp-key.public | sudo gpg --dearmor -o /usr/share/keyrings/dcm.gpg \
   && echo 'deb [signed-by=/usr/share/keyrings/dcm.gpg arch=amd64] https://dcm.dev/debian stable main' | sudo tee /etc/apt/sources.list.d/dart_stable.list \

web/Dockerfile

@@ -9,7 +9,10 @@ COPY --chown=node:node ./open-api ./open-api/
 COPY --chown=node:node Makefile ./
 
 WORKDIR /usr/src/app/web
-RUN npm ci
+RUN umask 000 && \
+  find /usr/src/app -type d -exec chmod o+rwx {} \; && \
+  find /usr/src/app -type f -exec chmod o+rw {} \; && \
+  npm ci
 
 ENV CHOKIDAR_USEPOLLING=true
 EXPOSE 24678