Use configurable UID/GID with a non-root default #205

Open: oxdc wants to merge 2 commits into lennart-k:main from oxdc:feat/docker-uid

oxdc commented Apr 17, 2026

Make it possible to run the docker container as a non-root user, defaulting to 65534, the conventional nobody user.

lennart-k (Owner) commented

Defaulting to a non-root user makes sense indeed although I am not sure whether 65534 is the correct choice for that, one of the reasons being that nobody is a bit special for NFS.

Changing the default user would definitely be a breaking change for existing users so this should be a major (0.x.0) release.

I think most programs use 1000 (which can also be problematic) or www-data.
It probably makes sense to pick some random high number but ultimately the security-conscious user should probably pick a user id manually to avoid collisions.

I don't really see how the userns-remap documentation relates to that as that would be about running the Docker daemon as non-root.

oxdc (Author) commented Apr 18, 2026

> I am not sure whether 65534 is the correct choice for that, one of the reasons being that nobody is a bit special for NFS.
> I think most programs use 1000 (which can also be problematic) or www-data.

Thank you for pointing this out. I'm not familiar with NFS. 1000 or 1001 would be a safer choice. Also, I don't think there is a definitive choice on this matter.

> Changing the default user would definitely be a breaking change for existing users so this should be a major (0.x.0) release.

Note: Pocket-ID uses 1000:1000 and includes commands to change the ownership of the data directory in entrypoint.sh. Perhaps this approach is safer and will not break most users' instances?

> I don't really see how the userns-remap documentation relates to that as that would be about running the Docker daemon as non-root.

Sorry, I linked the wrong doc. Maybe https://www.docker.com/blog/understanding-the-docker-user-instruction/ is more relevant.

oxdc force-pushed the feat/docker-uid branch from 17d09ee to 7509aef on April 19, 2026 07:28

oxdc (Author) commented Apr 19, 2026

Modified the PR to use PUID/PGID=1000 by default and to automatically chown the data directory on startup.
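
An entrypoint sketch of the approach described in the comment above (PUID/PGID defaulting to 1000, chown of the data directory at startup, then dropping root), added here as an example and not the PR's or the project's own code. `DATA_DIR`, `ENTRYPOINT_RUN`, the helper names and the use of util-linux `setpriv` are assumptions.

```shell
#!/bin/sh
# Added example, not code from the PR. DATA_DIR, ENTRYPOINT_RUN and the
# helper names are hypothetical; setpriv is assumed to be util-linux's.

PUID="${PUID:-1000}"
PGID="${PGID:-1000}"
DATA_DIR="${DATA_DIR:-/var/lib/app/data}"   # hypothetical data path

# Accept only plain decimal IDs so malformed values never reach chown/setpriv.
is_numeric_id() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
        *) [ "${#1}" -le 10 ] ;;
    esac
}

# True when the directory's current owner differs from the wanted uid:gid.
needs_chown() {
    [ "$(stat -c '%u:%g' "$1")" != "$2:$3" ]
}

main() {
    is_numeric_id "$PUID" && is_numeric_id "$PGID" || {
        echo "PUID/PGID must be numeric" >&2; return 64; }
    if [ "$(id -u)" -eq 0 ]; then
        # Started as root: fix ownership only if needed, then drop root for good.
        if needs_chown "$DATA_DIR" "$PUID" "$PGID"; then
            chown -R "$PUID:$PGID" "$DATA_DIR"
        fi
        exec setpriv --reuid="$PUID" --regid="$PGID" --clear-groups "$@"
    fi
    # Already unprivileged (e.g. docker run --user): chown is not possible.
    exec "$@"
}

# Run only when used as the real entrypoint; otherwise just define functions.
if [ "${ENTRYPOINT_RUN:-0}" = 1 ]; then main "$@"; fi
```

Skipping the recursive chown when the top-level owner already matches keeps restarts cheap on large data directories, and the unprivileged branch lets the image still start when the container is launched with an explicit non-root user.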
