Fix/contributor uid gid #249

Open
Diggydogg wants to merge 3 commits into DOMjudge:main from Diggydogg:fix/contributor-uid-gid

@Diggydogg

Fix: allow runtime UID/GID change in domjudge-contributor image

Summary

The domjudge-contributor image documents that UID/GID environment variables can be used to match the host OS user, but this feature doesn't work when the host UID differs from the default 1000.

Problem

Issue 1: UIDs 1000–1005 are reserved by build-time users

The Dockerfile creates domjudge (UID 1000) and domjudge-run-0 through domjudge-run-4 (UIDs 1001–1005) at build time. Attempting to set UID to any value in this range fails because the UID is already in use.

Issue 2: USER domjudge prevents usermod at runtime

The Dockerfile ends with USER domjudge (line 123), which means PID 1 (dumb-init) runs as the domjudge user. When start.sh attempts sudo usermod -u domjudge, Linux refuses because you cannot modify a user that has running processes:

usermod: user domjudge is currently used by process 1

When UID equals the default (1000), usermod is a no-op and succeeds. Any other value triggers the failure, making the documented UID/GID feature non-functional for its intended purpose.

Overriding with --user root fixes the usermod step, but then make maintainer-conf fails because DOMjudge's configure rejects running as root:

configure: error: installing/running as root is STRONGLY DISCOURAGED
ref: https://app.slack.com/client/THT5URKCM/unified-files/doc/F0AJHDCEZ2P

Changes

Dockerfile:

  • Removed USER domjudge (line 123)

start.sh (3 lines changed):

  • Added chown -R "${UID}:${GID}" /home/domjudge after usermod — updates home directory ownership to match the new UID
  • Changed make commands to su - domjudge -c "cd ${PROJECT_DIR} && make ..." — because removing USER domjudge makes the container run as root, and DOMjudge's configure rejects running as root

README.md:

  • Added note about reserved UID range (1000–1005)

Fixed image available at: diggydog/domjudge-contributor-fixed:latest

The USER domjudge directive in the Dockerfile causes PID 1 to run as
the domjudge user, preventing usermod from changing UID/GID at runtime.

Changes:
- Remove USER domjudge from Dockerfile
- Add chown for /home/domjudge after usermod in start.sh
- Run make commands as domjudge user via su -c (configure rejects root)
UIDs 1000-1005 and GIDs 1000-1001 are reserved by build-time users
and groups, and cannot be used as custom values.
@Diggydogg Diggydogg requested a review from vmcj March 23, 2026 03:47
Member

@vmcj vmcj left a comment

I want to do a bit of testing but didn't find the time yet. I don't use the contributor container on my current laptop so I need to pick my old setup. The other users of the container are currently busy so it will take a bit of time.

COPY ["sudoers-domjudge", "/etc/sudoers.d/domjudge"]
RUN chmod 440 /etc/sudoers.d/domjudge

USER domjudge
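
Review bot: With USER domjudge dropped at the end of the Dockerfile, right after the sudoers file is installed, the image has no non-root default user, so PID 1 and start.sh keep root for the container's lifetime and only the make calls wrapped in su - domjudge -c run unprivileged. Consider holding root only for the usermod and chown steps and then handing the long-running process over to domjudge, and state in README.md that the container now starts as root.
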
Member

The reason (or one of them) that I didn't merge this yet is mostly that I think we should want to run as domjudge, running as root even for a development container will get flagged by other systems. I wonder if podman will even allow it for example.

Author

Well, I understand your concern that by removing the USER domjudge line in the Dockerfile, the container would run as root, which could cause issues.
So I'm thinking maybe add a new entrypoint script file that sets the domjudge user's UID/GID from env variables and fixes ownership.

Still, the USER domjudge line in the Dockerfile would be removed and the container would be started as root, but after the entrypoint sets UID/GID and execs gosu domjudge, the main process runs as domjudge. We would also need to add the gosu lib in the Dockerfile.

How about this way? Let me know if this addresses your concern.
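
The entrypoint approach discussed in this thread, as an added example that is not code from the pull request or from DOMjudge: it looks the requested IDs up in the account files before usermod runs, which goes beyond the reserved 1000–1005 range by catching any collision, and then execs the command as domjudge. The function names, the TARGET_UID/TARGET_GID variables and the sample passwd data are assumptions, and gosu has to be installed in the image.

```shell
#!/bin/sh
# Added example, not DOMjudge's start.sh. Names below are hypothetical.

# Constructed sample of the build-time accounts the PR describes (passwd format).
SAMPLE_PASSWD='root:x:0:0:root:/root:/bin/bash
domjudge:x:1000:1000::/home/domjudge:/bin/bash
domjudge-run-0:x:1001:1001::/nonexistent:/bin/false
domjudge-run-4:x:1005:1001::/nonexistent:/bin/false'

# check_id ID NAME FILE
# FILE is in passwd or group format (name in field 1, numeric id in field 3).
# Returns 0 if NAME may take ID, 1 if ID is not a positive integer (this also
# refuses 0, i.e. root), 2 if a different entry already owns ID.
check_id() {
    id_wanted=$1 name=$2 file=$3
    case $id_wanted in ''|*[!0-9]*) return 1 ;; esac
    if [ "$id_wanted" -eq 0 ]; then return 1; fi
    owner=$(awk -F: -v id="$id_wanted" '$3 == id { print $1; exit }' "$file")
    if [ -n "$owner" ] && [ "$owner" != "$name" ]; then return 2; fi
    return 0
}

# remap_and_exec UID GID CMD...
# Runs as root: validate, remap the domjudge account, fix ownership, then
# replace this process with CMD running as domjudge so PID 1 is not root.
remap_and_exec() {
    new_uid=$1 new_gid=$2; shift 2
    check_id "$new_uid" domjudge /etc/passwd || { echo "UID $new_uid rejected" >&2; return 1; }
    check_id "$new_gid" domjudge /etc/group  || { echo "GID $new_gid rejected" >&2; return 1; }
    groupmod -g "$new_gid" domjudge || return 1
    usermod -u "$new_uid" -g "$new_gid" domjudge || return 1
    chown -R "$new_uid:$new_gid" /home/domjudge
    exec gosu domjudge "$@"
}

# Only acts when the hypothetical TARGET_UID/TARGET_GID variables are set.
if [ -n "${TARGET_UID:-}" ] && [ -n "${TARGET_GID:-}" ]; then
    remap_and_exec "$TARGET_UID" "$TARGET_GID" "$@"
fi
```

Because the entrypoint itself runs as root, no process is owned by domjudge when usermod is called, which avoids the "currently used by process 1" failure quoted in the description.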

Member

I'll merge this as is and do some extra follow-up when I have my testing system in order. It seems rootless podman really acts differently from docker, and this is only a development container; it makes more sense to fix your issue first and then fix it properly later.

@vmcj vmcj added this pull request to the merge queue Apr 8, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to no response for status checks Apr 8, 2026
@vmcj vmcj added this pull request to the merge queue Apr 8, 2026
@github-merge-queue github-merge-queue bot removed this pull request from the merge queue due to failed status checks Apr 8, 2026