Merge pull request #2 from simonmcnair/non_ROOT

make non root access possible.
2025-12-06 07:12:11 +01:00 · 2025-03-10 12:17:47 +00:00 · 2025-03-10 12:17:47 +00:00 · d53e2ddf10
parent 1fa117f333 fe5caa9066
commit d53e2ddf10
2 changed files with 49 additions and 5 deletions
--- a/services/AUTOMATIC1111/Dockerfile
+++ b/services/AUTOMATIC1111/Dockerfile
@ -24,8 +24,45 @@ RUN --mount=type=cache,target=/var/cache/apt \
  # we need those
  apt-get install -y fonts-dejavu-core rsync git jq moreutils aria2 \
  # extensions needs those
-  ffmpeg libglfw3-dev libgles2-mesa-dev pkg-config libcairo2 libcairo2-dev build-essential
+  ffmpeg libglfw3-dev libgles2-mesa-dev pkg-config libcairo2 libcairo2-dev build-essential && \
+  apt-get clean

+ARG PUID=0
+ARG PGID=0
+ARG USER_HOME=/root
+# set build args as container environment variables for entrypoint reference
+ENV PUID=$PUID
+ENV PGID=$PGID
+ENV USER_HOME=$USER_HOME
+
+# if user home does not exist, create it
+RUN mkdir -p "$USER_HOME"
+
+# home already exists, chown it
+RUN chown -R "${PUID}:${PGID}" "$USER_HOME"
+
+# Only groupadd if we're non root
+RUN if [ "$PGID" -ne "0" ]; then \
+      echo non root group detected; \
+      groupadd \
+        --gid "$PGID" \
+        stablediffusion ;\
+    else \
+      echo "root group detected" ; \
+    fi
+
+# Only useradd if we're non root
+RUN if [ "$PUID" -ne "0" ]; then \
+      echo non root user detected; \
+      useradd \
+        --gid="$PGID" \
+        --no-user-group \
+        -M \
+        --home "$USER_HOME" \
+        stablediffusion ; \
+    else \
+      echo "root group detected" ; \
+    fi

 WORKDIR /
 RUN --mount=type=cache,target=/root/.cache/pip \
@ -36,9 +73,13 @@ RUN --mount=type=cache,target=/root/.cache/pip \

 RUN pip install --upgrade typing-extensions

+RUN chown -R "$PUID:$PGID" /stable-diffusion-webui
+
+# drop permissions (if build targets non root)
+USER $PUID:$PGID
 ENV ROOT=/stable-diffusion-webui

-COPY --from=download /repositories/ ${ROOT}/repositories/
+COPY --from=download --chown=${PUID}:${PGID} /repositories/ ${ROOT}/repositories/
 RUN mkdir ${ROOT}/interrogate && cp ${ROOT}/repositories/clip-interrogator/clip_interrogator/data/* ${ROOT}/interrogate

 RUN --mount=type=cache,target=/root/.cache/pip \
--- a/services/AUTOMATIC1111/entrypoint.sh
+++ b/services/AUTOMATIC1111/entrypoint.sh
@ -31,7 +31,8 @@ rsync --info=NAME ${ROOT}/models/karlo/ /data/models/karlo/

 declare -A MOUNTS

-MOUNTS["/root/.cache"]="/data/.cache"
+#MOUNTS["/root/.cache"]="/data/.cache"
+MOUNTS["${USER_HOME}/.cache"]="/data/.cache"
 MOUNTS["${ROOT}/models"]="/data/models"

 MOUNTS["${ROOT}/embeddings"]="/data/embeddings"
@ -58,10 +59,12 @@ done

 echo "Installing extension dependencies (if any)"

-# because we build our container as root:
-chown -R root ~/.cache/
+chown -R $PUID:$PGID ~/.cache/
 chmod 766 ~/.cache/

+chown -R $PUID:$PGID /output
+chmod 766 /output
+
 shopt -s nullglob
 # For install.py, please refer to https://github.com/AUTOMATIC1111/stable-diffusion-webui/wiki/Developing-extensions#installpy
 list=(./extensions/*/install.py)