Run the app container as a non-root user

[ucan-lab]

Problem

When a file system is bind mounted in a container, the uid and gid are used as they are between the host machine and the container, causing a problem where the owner of the file written by the container becomes the root user.

See #258

One possibility is to run Docker itself in rootless mode, but it also seems possible to assign non-root users the same UID and GID as Linux.

Run the container as phper:phper, which is the opposite of the root user.

Operation confirmation

$ task for-linux-env # Linux environment only
$ task create-project

# or...

$ make for-linux-env # Linux environment only
$ make create-project

# or...

$ echo "UID=$(id -u)" >> .env # Linux environment only
$ echo "GID=$(id -g)" >> .env # Linux environment only

$ mkdir -p src
$ docker compose build
$ docker compose up -d
$ docker compose exec app composer create-project --prefer-dist laravel/laravel .
$ docker compose exec app php artisan key:generate
$ docker compose exec app php artisan storage:link
$ docker compose exec app chmod -R 777 storage bootstrap/cache
$ docker compose exec app php artisan migrate

http://localhost

• Docker for Mac
• Docker for Windows
• Linux

Help

I'm currently not in a position to try it on Linux, so I'd like someone to review it.

[ucan-lab]

The Linux and Windows environments are not ready, but since CI is running, I will try merging them.