Merge pull request #2305 from ubc/1745-php-fpm-uid-gid

Run php-fpm as different user (#1745)

docker-compose.yml

@@ -198,6 +198,8 @@ services:
           - ADDITIONAL_LOCALES=${PHP_FPM_ADDITIONAL_LOCALES}
           - INSTALL_FFMPEG=${PHP_FPM_FFMPEG}
           - INSTALL_XHPROF=${PHP_FPM_INSTALL_XHPROF}
+          - PUID=${PHP_FPM_PUID}
+          - PGID=${PHP_FPM_PGID}
           - http_proxy
           - https_proxy
           - no_proxy

env-example

@@ -198,6 +198,9 @@ PHP_FPM_INSTALL_MAILPARSE=false
 PHP_FPM_FFMPEG=false
 PHP_FPM_ADDITIONAL_LOCALES="es_ES.UTF-8 fr_FR.UTF-8"
 
+PHP_FPM_PUID=1000
+PHP_FPM_PGID=1000
+
 ### PHP_WORKER ############################################
 
 PHP_WORKER_INSTALL_PGSQL=false

php-fpm/Dockerfile

@@ -789,7 +789,14 @@ RUN apt-get clean && \
     rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* && \
     rm /var/log/lastlog /var/log/faillog
 
-RUN usermod -u 1000 www-data
+# Configure non-root user.
+ARG PUID=1000
+ENV PUID ${PUID}
+ARG PGID=1000
+ENV PGID ${PGID}
+
+RUN groupmod -o -g ${PGID} www-data && \
+    usermod -o -u ${PUID} -g www-data www-data
 
 # Adding the faketime library to the preload file needs to be done last
 # otherwise it will preload it for all commands that follow in this file