Skip to content

Fix/contributor uid gid #249

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
Diggydogg wants to merge 3 commits into
base: main
Choose a base branch
from
+4 −4
Open

Fix/contributor uid gid #249

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
3 commits
Select commit Hold shift + click to select a range
b9f695c
Fix runtime UID/GID change in domjudge-contributor image
Diggydogg Mar 5, 2026
c759555
docs: add note about reserved UID/GID range in contributor README
Diggydogg Mar 5, 2026
215e50b
newline added in start.sh
Diggydogg Mar 15, 2026
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
1 change: 0 additions & 1 deletion docker-contributor/Dockerfile
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -120,7 +120,6 @@ COPY ["supervisor", "/etc/supervisor/conf.d/"]
COPY ["sudoers-domjudge", "/etc/sudoers.d/domjudge"]
RUN chmod 440 /etc/sudoers.d/domjudge

USER domjudge
Copy link
Copy Markdown
Member

@vmcj vmcj Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

The reason (or one of them) that I didn't merge this yet is mostly that I think we should want to run as domjudge, running as root even for a development container will get flagged by other systems. I wonder if podman will even allow it for example.

Copy link
Copy Markdown
Author

@Diggydogg Diggydogg Mar 23, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Well, I understand your concern that removing USER domjudge line in dockerfile, the container would run as root, which could causes issues. 
So I'm thinking maybe add new entrypoint script file that set domjudge user's UID/GID from env variables and fixes ownership.

still, user domjudge line in dockerfile be removed, also contianer be started as root but after the entrypoints sets UID/GID and execs gosu domjudge, the main process runs as domjudge + also need to add gosu lib in dockerfile 

How about this way? let me know if this address your concern.

Copy link
Copy Markdown
Member

@vmcj vmcj Apr 8, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I'll merge this as is and do some extra follow up when I have my testing system in order. It seems rootless podman really acts different from docker and this is only a development container it makes more sense to fix your issue first and then fix it properly later.


# Expose HTTP port
EXPOSE 80
2 changes: 1 addition & 1 deletion docker-contributor/README.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -57,7 +57,7 @@ bin/dj_setup_database install-examples

The following environment variables are supported by the container:

* `UID` (defaults to `1000`): the ID of the user to run DOMjudge as. Should match the host OS user ID.
* `UID` (defaults to `1000`): the ID of the user to run DOMjudge as. Should match the host OS user ID. **Note:** UIDs 1000–1005 are reserved by build-time users (`domjudge`, `domjudge-run-0` through `domjudge-run-4`) and cannot be used as custom values. Use a UID of 1006 or higher.
* `GID` (defaults to `1000`): the ID of the group to run DOMjudge as. Should match the host OS group ID.
* `CONTAINER_TIMEZONE` (defaults to `Europe/Amsterdam`): allows you to change the timezone used inside the container.
* `MYSQL_HOST` (defaults to `mariadb`): set the host to connect to for MySQL. Can be hostname or IP. Docker will add hostnames for any containers you `--link`, so in the example above, the MariaDB container will be available under the hostname `mariadb`.
Expand Down
5 changes: 3 additions & 2 deletions docker-contributor/scripts/start.sh
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -12,6 +12,7 @@ function file_or_env {
echo "[..] Changing user/group ID"
sudo groupmod -g "${GID}" domjudge
sudo usermod -u "${UID}" domjudge
chown -R "${UID}:${GID}" /home/domjudge
echo "[ok] User ID set to ${UID} and group ID set to ${GID}"; echo

echo "[..] Setting timezone"
Expand Down Expand Up @@ -68,8 +69,8 @@ then
echo "Skipping maintainer-mode install for DOMjudge"
else
echo "[..] Performing maintainer-mode install for DOMjudge"
make maintainer-conf CONFIGURE_FLAGS="--with-baseurl=http://localhost/ --with-webserver-group=domjudge"
make maintainer-install
su - domjudge -c "cd ${PROJECT_DIR} && make maintainer-conf CONFIGURE_FLAGS='--with-baseurl=http://localhost/ --with-webserver-group=domjudge'"
su - domjudge -c "cd ${PROJECT_DIR} && make maintainer-install"
echo "[ok] DOMjudge installed in Maintainer-mode"; echo
fi

Expand Down
Loading