[GH-ISSUE #658] Support for native docker --user UID:GID option #240

Closed
opened 2026-02-27 08:16:05 +03:00 by kerem · 2 comments

Originally created by @rokiden on GitHub (Aug 27, 2023).
Original GitHub issue: https://github.com/lldap/lldap/issues/658

I prefer to use the native docker UID:GID option, like `docker run --rm --user 1000:1000 nitnelave/lldap:stable`, but now https://github.com/lldap/lldap/blob/8e61ee60d597f1a81e58a4e194d157be0ee6ae8e/docker-entrypoint.sh#L25 throws an error:

```
[entrypoint] Copying the default config to /data/lldap_config.toml
[entrypoint] Edit this file to configure LLDAP.
> Setup permissions..
chown: /app: Operation not permitted
```

I think /app needs only read and execute permissions, which can be provided at build; /data permissions are usually provided externally (by the user).

Affects any lldap version since commit 46546dac27 (stable and latest tested).

Thanks for your great work!

kerem closed this issue and added the `docker` label (2026-02-27 08:16:05 +03:00)


@nitnelave commented on GitHub (Aug 27, 2023):

Hey! I believe that came up already before. The entry point as is requires root to set up the permissions for a painless first-time start. It's the best for the majority of users. It downgrades to the given UID when running LLDAP.

Some people want to run the entire container as not-root. This is understandable, and can be easily done by overriding the entry point with your custom script (or even just setting LLDAP as the entry point directly).

Would that work for you?


@rokiden commented on GitHub (Aug 27, 2023):

Yes, it's my current workaround, but it feels like something that is not update-compatible: my setup becomes dependent on your app internals, which can change in the future. But if it's the official way to do it, I'll use it. Thanks.
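
The non-root setup discussed in the comments above, sketched as a custom entrypoint; this is an added example, not code from the thread or from the LLDAP project. The names `startup_mode`, `entrypoint`, `DATA_DIR` and `APP_DIR` are hypothetical, and because the page does not give the server binary's path, the operator passes the binary and its arguments on the command line.

```shell
#!/bin/sh
# Added example: a wrapper entrypoint that tolerates `docker run --user UID:GID`
# by checking access instead of calling chown (which fails when not root).

# startup_mode UID DATA_DIR APP_DIR
# Prints "root" when UID is 0, or "direct" when an unprivileged start has the
# access it needs. Returns 1 with a message on stderr when it does not.
# Note: the -r/-x/-w tests are evaluated for the user running this script.
startup_mode() {
    uid=$1 data_dir=$2 app_dir=$3
    if [ "$uid" -eq 0 ]; then
        echo root
        return 0
    fi
    # /app only needs read + execute, which the image build can grant.
    if [ ! -d "$app_dir" ] || [ ! -r "$app_dir" ] || [ ! -x "$app_dir" ]; then
        echo "uid $uid needs read+execute on $app_dir" >&2
        return 1
    fi
    # /data is the operator's volume and must already be writable.
    if [ ! -d "$data_dir" ] || [ ! -w "$data_dir" ]; then
        echo "uid $uid needs write access to $data_dir" >&2
        return 1
    fi
    echo direct
}

# entrypoint SERVER_BIN [ARGS...]
entrypoint() {
    mode=$(startup_mode "$(id -u)" "${DATA_DIR:-/data}" "${APP_DIR:-/app}") || exit 1
    if [ "$mode" = root ]; then
        echo "started as root; use the image's default entrypoint instead" >&2
        exit 1
    fi
    exec "$@"   # server binary and arguments, supplied by the operator
}

# Act as an entrypoint only when given a command to run.
if [ "$#" -gt 0 ]; then
    entrypoint "$@"
fi
```

To use it, mount the script into the container and select it with docker's `--entrypoint` option together with `--user 1000:1000`, followed by the server binary and its arguments.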
