From b336cbc064db31d169ae790e16ee48487c86a7a0 Mon Sep 17 00:00:00 2001
From: simonmcnair <101189766+simonmcnair@users.noreply.github.com>
Date: Mon, 10 Mar 2025 20:20:43 +0000
Subject: [PATCH 1/4] Update Dockerfile

no root changes
---
 services/comfy/Dockerfile | 44 +++++++++++++++++++++++++++++++++++++--
 1 file changed, 42 insertions(+), 2 deletions(-)

diff --git a/services/comfy/Dockerfile b/services/comfy/Dockerfile
index 2de504d..47b24c9 100644
--- a/services/comfy/Dockerfile
+++ b/services/comfy/Dockerfile
@@ -2,10 +2,50 @@ FROM pytorch/pytorch:2.3.0-cuda12.1-cudnn8-runtime
 
 ENV DEBIAN_FRONTEND=noninteractive PIP_PREFER_BINARY=1
 
-RUN apt-get update && apt-get install -y git && apt-get clean
+RUN apt-get update && apt-get install -y git libgoogle-perftools-dev && apt-get clean
+
+ARG PUID=0
+ARG PGID=0
+ARG USER_HOME=/root
+# set build args as container environment variables for entrypoint reference
+ENV PUID=$PUID
+ENV PGID=$PGID
+ENV USER_HOME=$USER_HOME
+
+# if user home does not exist, create it
+RUN mkdir -p "$USER_HOME"
+
+# home already exists, chown it
+RUN chown -R "${PUID}:${PGID}" "$USER_HOME"
+
+# Only groupadd if we're non root
+RUN if [ "$PGID" -ne "0" ]; then \
+      echo non root group detected; \
+      groupadd \
+        --gid "$PGID" \
+        stablediffusion ;\
+    else \
+      echo "root group detected" ; \
+    fi
+
+# Only useradd if we're non root
+RUN if [ "$PUID" -ne "0" ]; then \
+      echo non root user detected; \
+      useradd \
+        --gid="$PGID" \
+        --no-user-group \
+        -M \
+        --home "$USER_HOME" \
+        stablediffusion ; \
+    else \
+      echo "root group detected" ; \
+    fi
+
+RUN chown -R "$PUID:$PGID" /stable-diffusion
+USER $PUID:$PGID
 
 ENV ROOT=/stable-diffusion
-RUN --mount=type=cache,target=/root/.cache/pip \
+RUN --mount=type=cache,target="$USER_HOME"/.cache/pip \
   git clone https://github.com/comfyanonymous/ComfyUI.git ${ROOT} && \
   cd ${ROOT} && \
   git checkout master && \

From 40e1e818beba5edcf8452f972a8a865ff5876245 Mon Sep 17 00:00:00 2001
From: simonmcnair <101189766+simonmcnair@users.noreply.github.com>
Date: Mon, 10 Mar 2025 20:22:09 +0000
Subject: [PATCH 2/4] Update entrypoint.sh

no_root
---
 services/comfy/entrypoint.sh | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

diff --git a/services/comfy/entrypoint.sh b/services/comfy/entrypoint.sh
index b4299a7..b94ac10 100755
--- a/services/comfy/entrypoint.sh
+++ b/services/comfy/entrypoint.sh
@@ -6,7 +6,7 @@ mkdir -vp /data/config/comfy/custom_nodes
 
 declare -A MOUNTS
 
-MOUNTS["/root/.cache"]="/data/.cache"
+MOUNTS["${USER_HOME}/.cache"]="/data/.cache"
 MOUNTS["${ROOT}/input"]="/data/config/comfy/input"
 MOUNTS["${ROOT}/output"]="/output/comfy"
 
@@ -28,4 +28,9 @@ if [ -f "/data/config/comfy/startup.sh" ]; then
   popd
 fi
 
+chown -R root ~/.cache/
+chmod 766 ~/.cache/
+chown -R $PUID:$PGID ~/.cache/
+chmod 776 ~/.cache/
+
 exec "$@"

From 8c3649469b5f5000be49b0a3774f6d5eb4c8efaf Mon Sep 17 00:00:00 2001
From: simonmcnair <101189766+simonmcnair@users.noreply.github.com>
Date: Mon, 10 Mar 2025 20:27:18 +0000
Subject: [PATCH 3/4] Update Dockerfile

no_root
---
 services/fooocus/Dockerfile | 52 ++++++++++++++++++++++++++++++++-----
 1 file changed, 46 insertions(+), 6 deletions(-)

diff --git a/services/fooocus/Dockerfile b/services/fooocus/Dockerfile
index 1892f6b..35ad916 100644
--- a/services/fooocus/Dockerfile
+++ b/services/fooocus/Dockerfile
@@ -6,17 +6,57 @@ FROM pytorch/pytorch:2.0.1-cuda11.7-cudnn8-runtime
 
 ENV DEBIAN_FRONTEND=noninteractive PIP_PREFER_BINARY=1
 
-RUN apt-get update && apt-get install -y git && apt-get clean
+RUN apt-get update && apt-get install -y git libglib2.0-0 libgl1-mesa-glx python-dev libgoogle-perftools-dev && apt-get clean
+
+ARG PUID=0
+ARG PGID=0
+ARG USER_HOME=/root
+# set build args as container environment variables for entrypoint reference
+ENV PUID=$PUID
+ENV PGID=$PGID
+ENV USER_HOME=$USER_HOME
+
+# if user home does not exist, create it
+RUN mkdir -p "$USER_HOME"
+
+# home already exists, chown it
+RUN chown -R "${PUID}:${PGID}" "$USER_HOME"
+
+# Only groupadd if we're non root
+RUN if [ "$PGID" -ne "0" ]; then \
+      echo non root group detected; \
+      groupadd \
+        --gid "$PGID" \
+        stablediffusion ;\
+    else \
+      echo "root group detected" ; \
+    fi
+
+# Only useradd if we're non root
+RUN if [ "$PUID" -ne "0" ]; then \
+      echo non root user detected; \
+      useradd \
+        --gid="$PGID" \
+        --no-user-group \
+        -M \
+        --home "$USER_HOME" \
+        stablediffusion ; \
+    else \
+      echo "root group detected" ; \
+    fi
+
 
-# add in required packages
-RUN apt-get install 'libglib2.0-0'  -y
-RUN apt-get install 'libgl1-mesa-glx' -y
-RUN apt-get install 'python-dev' -y
 
 # set this to your target branch commit
 ARG BRANCH=main SHA=e2f9bcb11d06216d6800676c48d8d74d6fd77a4b
 
 ENV ROOT=/stable-diffusion
+
+RUN chown -R "$PUID:$PGID" /stable-diffusion-webui
+
+# drop permissions (if build targets non root)
+USER $PUID:$PGID
+
 RUN --mount=type=cache,target=/root/.cache/pip \
   git clone https://github.com/lllyasviel/Fooocus.git ${ROOT} && \
   cd ${ROOT} && \
@@ -38,7 +78,7 @@ RUN --mount=type=cache,target=/root/.cache/pip \
   pip install -r requirements_versions.txt
 
 # add info
-COPY . /docker/
+COPY --chown=$PUID:$PGID . /docker
 RUN cp /docker/config.txt ${ROOT}
 RUN chmod u+x /docker/entrypoint.sh
 

From d5af00119af1250890d231597e4e7e71bab4ae3a Mon Sep 17 00:00:00 2001
From: simonmcnair <101189766+simonmcnair@users.noreply.github.com>
Date: Mon, 10 Mar 2025 20:29:31 +0000
Subject: [PATCH 4/4] Update Dockerfile

---
 services/AUTOMATIC1111/Dockerfile | 7 +++----
 1 file changed, 3 insertions(+), 4 deletions(-)

diff --git a/services/AUTOMATIC1111/Dockerfile b/services/AUTOMATIC1111/Dockerfile
index 90d3cd1..b1b9f84 100644
--- a/services/AUTOMATIC1111/Dockerfile
+++ b/services/AUTOMATIC1111/Dockerfile
@@ -65,7 +65,7 @@ RUN if [ "$PUID" -ne "0" ]; then \
     fi
 
 WORKDIR /
-RUN --mount=type=cache,target=/root/.cache/pip \
+RUN --mount=type=cache,target=${USER_HOME}/.cache/pip \
   git clone https://github.com/AUTOMATIC1111/stable-diffusion-webui.git && \
   cd stable-diffusion-webui && \
   git reset --hard v1.10.1 && \
@@ -82,7 +82,7 @@ ENV ROOT=/stable-diffusion-webui
 COPY --from=download --chown=${PUID}:${PGID} /repositories/ ${ROOT}/repositories/
 RUN mkdir ${ROOT}/interrogate && cp ${ROOT}/repositories/clip-interrogator/clip_interrogator/data/* ${ROOT}/interrogate
 
-RUN --mount=type=cache,target=/root/.cache/pip \
+RUN --mount=type=cache,target=${USER_HOME}/.cache/pip \
   pip install pyngrok xformers==0.0.26.post1 \
   git+https://github.com/TencentARC/GFPGAN.git@8d2447a2d918f8eba5a4a01463fd48e45126a379 \
   git+https://github.com/openai/CLIP.git@d50d76daa670286dd6cacf3bcd80b5e4823fc8e1 \
@@ -90,11 +90,10 @@ RUN --mount=type=cache,target=/root/.cache/pip \
 
 # there seems to be a memory leak (or maybe just memory not being freed fast enough) that is fixed by this version of malloc
 # maybe move this up to the dependencies list.
-RUN apt-get -y install libgoogle-perftools-dev && apt-get clean
 ENV LD_PRELOAD=libtcmalloc.so
 
 COPY . /docker
-
+COPY --chown=$PUID:$PGID . /docker
 RUN \
   # mv ${ROOT}/style.css ${ROOT}/user.css && \
   # one of the ugliest hacks I ever wrote \