Container user is now the same as the host user

lecode-official · lecode-official · commit dad5e7cf25b3 · 2024-12-16T17:40:09.000+01:00
It is now possible to specify the user ID and group ID of the host
system user as environment variables when starting the container. During
startup, the container will create a user with the same user ID and
group ID, and run ComfyUI with this user. This is helpful, because the
model and custom node files downloaded by the ComfyUI Manager will be
owned by the host system user instead of root. The documentation in the
read me was updated to reflect this change.

Furthermore, while the custom nodes themselves are installed outside of
the container, their requirements are installed inside of the container.
This means that stopping and removing the container will remove the
installed requirements. Therefore, the dependencies are now installed
when the container is started again.
diff --git a/.cspell.json b/.cspell.json
@@ -65,6 +65,7 @@
         "controlnet",
         "cudnn",
         "findall",
+        "getent",
         "gligen",
         "hypernetworks",
         "lecode",
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -3,9 +3,11 @@
 ## v0.2.0 (December 16, 2024)
 
 - Previously, only the model files were stored outside of the container, but the custom nodes installed by ComfyUI Manager were not. The reason was that the ComfyUI Manager itself is implemented as a custom node, which means that mounting a host system directory into the custom nodes directory would hide the ComfyUI Manager. This problem was fixed by installing the ComfyUI Manager in a separate directory and symlinking it upon container startup into the mounted directory.
+- It is now possible to specify the user ID and group ID of the host system user as environment variables when starting the container. During startup, the container will create a user with the same user ID and group ID, and run ComfyUI with this user. This is helpful, because the model and custom node files downloaded by the ComfyUI Manager will be owned by the host system user instead of `root`. The documentation in the read me was updated to reflect this change.
 - Updated the image to the latest version of ComfyUI (from v0.3.4 to v0.3.7).
 - In the previous version, the main branch of the ComfyUI Manager was installed and not a specific version. Since the main branch may contain breaking changes or bugs, the ComfyUI Manager is now installed with a specific version (v2.55.5).
 - The ComfyUI Manager installs its dependencies when it is first launched. This means that the dependencies have to be installed every time the container is started. To avoid this, the dependencies are now installed manually during the image build process.
+- While the custom nodes themselves are installed outside of the container, their requirements are installed inside of the container. This means that stopping and removing the container will remove the installed requirements. Therefore, the dependencies are now installed when the container is started again.
 - The directory structure of the ComfyUI models directory is now automatically created upon container startup if it does not exist.
 - The Docker image now has two more tags: one with the ComfyUI version and the second with the ComfyUI and ComfyUI Manager versions that are installed in the image. This makes it easier for users to find out which ComfyUI version they are installing before pulling the image.
 - A section was added to the read me, which explains how to update the local image to the latest version.
diff --git a/Dockerfile b/Dockerfile
@@ -4,7 +4,9 @@ FROM pytorch/pytorch:2.5.1-cuda12.4-cudnn9-runtime
 
 # Installs Git, because ComfyUI and the ComfyUI Manager are installed by cloning their respective Git repositories
 RUN apt update --assume-yes && \
-    apt install --assume-yes git
+    apt install --assume-yes \
+        git \
+        sudo
 
 # Clones the ComfyUI repository and checks out the latest release
 RUN git clone https://github.com/comfyanonymous/ComfyUI.git /opt/comfyui && \
@@ -34,7 +36,8 @@ WORKDIR /opt/comfyui
 EXPOSE 8188
 
 # Adds the startup script to the container; the startup script will create all necessary directories in the models and custom nodes volumes that were
-# mounted to the container and symlink the ComfyUI Manager to the correct directory
+# mounted to the container and symlink the ComfyUI Manager to the correct directory; it will also create a user with the same UID and GID as the user
+# that started the container, so that the files created by the container are owned by the user that started the container and not the root user
 ADD entrypoint.sh /entrypoint.sh
 ENTRYPOINT ["/bin/bash", "/entrypoint.sh"]
 
diff --git a/README.md b/README.md
@@ -17,6 +17,8 @@ docker run \
     --name comfyui \
     --detach \
     --restart unless-stopped \
+    --env USER_ID="$(id -u)" \
+    --env GROUP_ID="$(id -g)" \
     --volume "<path/to/models/folder>:/opt/comfyui/models:rw" \
     --volume "<path/to/custom/nodes/folder>:/opt/comfyui/custom_nodes:rw" \
     --publish 8188:8188 \
@@ -27,7 +29,7 @@ docker run \
 
 Please note, that the `<path/to/models/folder>` and `<path/to/custom/nodes/folder>` must be replaced with paths to directories on the host system where the models and custom nodes will be stored, e.g., `$HOME/.comfyui/models` and `$HOME/.comfyui/custom-nodes`, which can be created like so: `mkdir -p $HOME/.comfyui/{models,custom-nodes}`.
 
-The `--detach` flag causes the container to run in the background and `--restart unless-stopped` configures the Docker Engine to automatically restart the container if it stopped itself, experienced an error, or the computer was shutdown, unless you explicitly stopped the container using `docker stop`. This means that ComfyUI will be automatically started in the background when you boot your computer. The `--runtime nvidia` and `--gpus all` arguments enable ComfyUI to access the GPUs of your host system. If you do not want to expose all GPUs, you can specify the desired GPU index or ID instead.
+The `--detach` flag causes the container to run in the background and `--restart unless-stopped` configures the Docker Engine to automatically restart the container if it stopped itself, experienced an error, or the computer was shutdown, unless you explicitly stopped the container using `docker stop`. This means that ComfyUI will be automatically started in the background when you boot your computer. The two `--env` arguments inject the user ID and group ID of the current host user into the container. During startup, a user with the same user ID and group ID will be created, and ComfyUI will be run using this user. This ensures that files written to the volumes (e.g., models and custom nodes installed with the ComfyUI Manager) will be owned by the host system's user. Normally, the user inside the container is `root`, which means that the files that are written from the container to the host system are also owned by `root`. If you have run ComfyUI Docker without setting the environment variables, then you may have to change the owner of the files in the models and custom nodes directories: `sudo chown -r "$(id -un):$(id -gn)" <path/to/models/folder> <path/to/custom/nodes/folder>`. The `--runtime nvidia` and `--gpus all` arguments enable ComfyUI to access the GPUs of your host system. If you do not want to expose all GPUs, you can specify the desired GPU index or ID instead.
 
 After the container has started, you can navigate to [localhost:8188](http://localhost:8188) to access ComfyUI.
 
@@ -38,6 +40,9 @@ docker stop comfyui
 docker rm comfyui
 ```
 
+> [!WARNING]
+> While the custom nodes themselves are installed outside of the container, their requirements are installed inside of the container. This means that stopping and removing the container will remove the installed requirements. When the container is started again, the requirements will be automatically installed, but this may, depending on the number of custom nodes and their requirements, take some time.
+
 ## Updating
 
 To update ComfyUI Docker to the latest version you have to first stop the running container, then pull the new version, optionally remove dangling images, and then restart the container:
@@ -53,6 +58,8 @@ docker run \
     --name comfyui \
     --detach \
     --restart unless-stopped \
+    --env USER_ID="$(id -u)" \
+    --env GROUP_ID="$(id -g)" \
     --volume "<path/to/models/folder>:/opt/comfyui/models:rw" \
     --volume "<path/to/custom/nodes/folder>:/opt/comfyui/custom_nodes:rw" \
     --publish 8188:8188 \
@@ -77,6 +84,8 @@ docker run \
     --name comfyui \
     --detach \
     --restart unless-stopped \
+    --env USER_ID="$(id -u)" \
+    --env GROUP_ID="$(id -g)" \
     --volume "<path/to/models/folder>:/opt/comfyui/models:rw" \
     --volume "<path/to/custom/nodes/folder>:/opt/comfyui/custom_nodes:rw" \
     --publish 8188:8188 \
diff --git a/entrypoint.sh b/entrypoint.sh
@@ -1,6 +1,7 @@
 #!/bin/bash
 
 # Creates the directories for the models inside of the volume that is mounted from the host
+echo "Creating directories for models..."
 MODEL_DIRECTORIES=(
     "checkpoints"
     "clip"
@@ -26,7 +27,45 @@ for MODEL_DIRECTORY in ${MODEL_DIRECTORIES[@]}; do
 done
 
 # Creates the symlink for the ComfyUI Manager to the custom nodes directory, which is also mounted from the host
+echo "Creating symlink for ComfyUI Manager..."
 rm --force /opt/comfyui/custom_nodes/ComfyUI-Manager
 ln -s \
     /opt/comfyui-manager \
     /opt/comfyui/custom_nodes/ComfyUI-Manager
+
+# The custom nodes that were installed using the ComfyUI Manager may have requirements of their own, which are not installed when the container is
+# started for the first time; this loops over all custom nodes and installs the requirements of each custom node
+echo "Installing requirements for custom nodes..."
+for CUSTOM_NODE_DIRECTORY in /opt/comfyui/custom_nodes/*;
+do
+    if [ "$CUSTOM_NODE_DIRECTORY" != "/opt/comfyui/custom_nodes/ComfyUI-Manager" ];
+    then
+        if [ -f "$CUSTOM_NODE_DIRECTORY/requirements.txt" ];
+        then
+            CUSTOM_NODE_NAME=${CUSTOM_NODE_DIRECTORY##*/}
+            CUSTOM_NODE_NAME=${CUSTOM_NODE_NAME//[-_]/ }
+            echo "Installing requirements for $CUSTOM_NODE_NAME..."
+            pip install --requirement "$CUSTOM_NODE_DIRECTORY/requirements.txt"
+        fi
+    fi
+done
+
+# Under normal circumstances, the container would be run as the root user, which is not ideal, because the files that are created by the container in
+# the volumes mounted from the host, i.e., custom nodes and models downloaded by the ComfyUI Manager, are owned by the root user; the user can specify
+# the user ID and group ID of the host user as environment variables when starting the container; if these environment variables are set, a non-root
+# user with the specified user ID and group ID is created, and the container is run as this user
+if [ -z "$USER_ID" ] || [ -z "$GROUP_ID" ];
+then
+    echo "Running container as $USER..."
+    exec "$@"
+else
+    echo "Creating non-root user..."
+    getent group $GROUP_ID > /dev/null 2>&1 || groupadd --gid $GROUP_ID comfyui-user
+    id -u $USER_ID > /dev/null 2>&1 || useradd --uid $USER_ID --gid $GROUP_ID --create-home comfyui-user
+    chown --recursive $USER_ID:$GROUP_ID /opt/comfyui
+    chown --recursive $USER_ID:$GROUP_ID /opt/comfyui-manager
+    export PATH=$PATH:/home/comfyui-user/.local/bin
+
+    echo "Running container as $USER..."
+    sudo --set-home --preserve-env=PATH --user \#$USER_ID "$@"
+fi
