From bedf90d316f51983afc7cda5276432dd7bc51c51 Mon Sep 17 00:00:00 2001
From: Daniel Volz
Date: Sat, 27 Dec 2025 12:39:32 +0100
Subject: [PATCH] feat(docker): add PUID and PGID environment variables for user/group ID handling in Docker setup
---
 .env.example | 5 +++++
 backend/Dockerfile | 10 ++++------
 backend/docker-entrypoint.sh | 15 +++++++++------
 docker-compose.yml | 3 +++
 4 files changed, 21 insertions(+), 12 deletions(-)
diff --git a/.env.example b/.env.example
index 417e1e5..41008db 100644
--- a/.env.example
+++ b/.env.example
@@ -4,6 +4,11 @@
 # Copy this file to .env and adjust values for your setup
 # =============================================================================
+# Container user/group IDs (for bind mount permissions)
+# Set to your host user's UID/GID: id -u && id -g
+PUID=1000
+PGID=1000
+
 PORT=3000
 CORS_ORIGINS=http://localhost:4174
 LOG_LEVEL=info
diff --git a/backend/Dockerfile b/backend/Dockerfile
index 8ef7e63..6539b9a 100644
--- a/backend/Dockerfile
+++ b/backend/Dockerfile
@@ -36,17 +36,15 @@ FROM node:22-slim AS runner
 WORKDIR /app
-# Create non-root user with specific UID for consistent bind mount permissions
-RUN groupadd --gid 1000 appgroup && \
- useradd --uid 1000 --gid appgroup --shell /bin/sh --create-home appuser
+# node:22-slim already has user 'node' with UID 1000 - we'll use that
 # Copy built application
 COPY --from=builder /app/node_modules ./node_modules
 COPY --from=builder /app/dist ./dist
 COPY --from=builder /app/package.json ./
-# Create data directory and set ownership
-RUN mkdir -p /app/data && chown -R appuser:appgroup /app
+# Create data directory and set ownership to node user (UID 1000)
+RUN mkdir -p /app/data && chown -R node:node /app
 # Copy entrypoint script
 COPY docker-entrypoint.sh /docker-entrypoint.sh
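Review bot: `chown -R node:node /app` in the runner stage gives the runtime account ownership of `dist` and `node_modules` as well as the data directory, so with the default UID 1000 a compromised application process can rewrite its own code. Assuming the application writes nowhere else under `/app`, only the data directory needs to be writable: `RUN mkdir -p /app/data && chown node:node /app/data`, leaving the copied files root-owned and readable. The "(UID 1000)" in the new comment is also only the default now that the entrypoint takes PUID from the environment; the comment should say so.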
@@ -59,7 +57,7 @@ ENV PORT=3000
 # Expose application port
 EXPOSE 3000
-# Entrypoint runs as root to fix permissions, then drops to appuser
+# Entrypoint runs as root to fix permissions, then drops to node user
 ENTRYPOINT ["/docker-entrypoint.sh"]
 # Start application
diff --git a/backend/docker-entrypoint.sh b/backend/docker-entrypoint.sh
index fbdea49..fb08577 100644
--- a/backend/docker-entrypoint.sh
+++ b/backend/docker-entrypoint.sh
@@ -1,10 +1,13 @@
 #!/bin/sh
 set -e
-# Ensure data directory exists and has correct ownership
-# This script runs as root, fixes permissions, then node runs as appuser via USER directive
-mkdir -p /app/data
-chown -R 1000:1000 /app/data
+# Use PUID/PGID from environment, default to 1000
+PUID=${PUID:-1000}
+PGID=${PGID:-1000}
-# Execute the main command as appuser (UID 1000)
-exec runuser -u appuser -- "$@"
+# Ensure data directory exists and has correct ownership
+mkdir -p /app/data
+chown -R "$PUID:$PGID" /app/data
+
+# Execute the main command as the specified user
+exec runuser -u "#$PUID" -- "$@"
diff --git a/docker-compose.yml b/docker-compose.yml
index 0f4408f..3602f43 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -8,6 +8,9 @@ services:
 container_name: medassist-ng-backend
 env_file:
 - .env
+ environment:
+ - PUID=${PUID:-1000}
+ - PGID=${PGID:-1000}
 volumes:
 - ./data:/app/data
 ports:
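Review bot: The updated comment above ENTRYPOINT says the script drops to the node user, but the entrypoint changed in this same commit drops to whatever PUID is set to, which is node only by default. Suggested wording: `# Entrypoint starts as root to fix /app/data ownership, then drops to PUID/PGID (default 1000)`.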
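Review bot: PUID and PGID reach `chown` and `runuser` in the entrypoint without validation, so `PUID=0` in `.env` leaves the application running as root and makes the privilege drop a no-op. The `runuser -u "#$PUID"` call also needs confirming: the `#uid` form is sudo syntax, and as far as I know util-linux `runuser` looks the `-u` argument up as a user name, so the container may fail to start; PGID is applied only to the `chown`, never to the process. The fence below rejects empty, non-numeric and zero IDs and drops both UID and GID with `setpriv`, which needs no passwd entry; check that `setpriv` is present in the node:22-slim image before adopting it.

```shell
PGID=${PGID:-1000}

# Accept only non-zero decimal IDs so the privilege drop cannot be skipped
for id in "$PUID" "$PGID"; do
  case "$id" in
    ''|*[!0-9]*|0*)
      echo "PUID and PGID must be non-zero numeric IDs" >&2
      exit 1
      ;;
  esac
done

# … unchanged: mkdir and chown of /app/data …

# Drop UID, GID and supplementary groups before starting the application
exec setpriv --reuid "$PUID" --regid "$PGID" --clear-groups "$@"
```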