fix: let dev docker compose service runs as root (#21579)

2025-10-17 18:19:27 +00:00 · 2025-09-12 11:20:41 -04:00 · 2025-09-12 11:20:41 -04:00 · a10a946d1a
commit a10a946d1a
parent 04c9531624
3 changed files with 7 additions and 9 deletions
--- a/.devcontainer/server/container-compose-overrides.yml
+++ b/.devcontainer/server/container-compose-overrides.yml
@ -26,7 +26,7 @@ services:
    env_file: !reset []
  init:
    env_file: !reset []
-    command: sh -c 'find /data -maxdepth 1 ! -path "/data/postgres" -type d -exec chown ${UID:-1000}:${GID:-1000} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-1000}:${GID:-1000} "$$path" || true; done'
+    command: sh -c 'find /data -maxdepth 1 ! -path "/data/postgres" -type d -exec chown ${UID:-0}:${GID:-0} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-0}:${GID:-0} "$$path" || true; done'
  immich-machine-learning:
    env_file: !reset []
  database:
--- a/8
+++ b/8
@ -70,11 +70,9 @@ VOLUME_DIRS = \

 # Helper function to chown, on error suggest remediation and exit
 define safe_chown
-	if chown $(2) $(or $(UID),1000):$(or $(GID),1000) "$(1)" 2>/dev/null; then \
-		true; \
-	else \
-	  	STATUS=$$?; echo "Exit code: $$STATUS $(1)"; \
-		echo "$$STATUS $(1)"; \
+	CURRENT_OWNER=$$(stat -c '%u:%g' "$(1)" 2>/dev/null || echo "none"); \
+	DESIRED_OWNER="$(or $(UID),0):$(or $(GID),0)"; \
+	if [ "$$CURRENT_OWNER" != "$$DESIRED_OWNER" ] && ! chown -v $(2) $$DESIRED_OWNER "$(1)" 2>/dev/null; then \
 		echo "Permission denied when changing owner of volumes and upload location. Try running 'sudo make prepare-volumes' first."; \
 		exit 1; \
 	fi;
--- a/docker/docker-compose.dev.yml
+++ b/docker/docker-compose.dev.yml
@ -21,7 +21,7 @@ services:
    # extends:
    #   file: hwaccel.transcoding.yml
    #   service: cpu # set to one of [nvenc, quicksync, rkmpp, vaapi, vaapi-wsl] for accelerated transcoding
-    user: '${UID:-1000}:${GID:-1000}'
+    user: '${UID:-0}:${GID:-0}'
    build:
      context: ../
      dockerfile: server/Dockerfile
@ -82,7 +82,7 @@ services:
    image: immich-web-dev:latest
    # Needed for rootless docker setup, see https://github.com/moby/moby/issues/45919
    # user: 0:0
-    user: '${UID:-1000}:${GID:-1000}'
+    user: '${UID:-0}:${GID:-0}'
    build:
      context: ../
      dockerfile: server/Dockerfile
@ -189,7 +189,7 @@ services:
    env_file:
      - .env
    user: 0:0
-    command: sh -c 'find /data -maxdepth 1 -type d -exec chown ${UID:-1000}:${GID:-1000} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-1000}:${GID:-1000} "$$path" || true; done'
+    command: sh -c 'find /data -maxdepth 1 -type d -exec chown ${UID:-0}:${GID:-0} {} + 2>/dev/null || true; for path in /usr/src/app/.pnpm-store /usr/src/app/server/node_modules /usr/src/app/server/dist /usr/src/app/.github/node_modules /usr/src/app/cli/node_modules /usr/src/app/docs/node_modules /usr/src/app/e2e/node_modules /usr/src/app/open-api/typescript-sdk/node_modules /usr/src/app/web/.svelte-kit /usr/src/app/web/coverage /usr/src/app/node_modules /usr/src/app/web/node_modules; do [ -e "$$path" ] && chown -R ${UID:-0}:${GID:-0} "$$path" || true; done'
    volumes:
      - pnpm-store:/usr/src/app/.pnpm-store
      - server-node_modules:/usr/src/app/server/node_modules