Do not use www-data as default user

[csandanov]

1. In version 2.x of this image we had root as the default user
2. Quickly we realized that it's not good (drush and composer don't like to be run from root) and changed it to www-data. User www-data (uid/gid 82) is a de-facto standard in Alpine Linux for php-fpm, nginx, apache packages, something similar to www-data in Debian/Ubuntu
3. PR Make APP_ROOT chown optional #18 was posted making a good point that fpm and HTTP server shouldn't have write access to user's files (codebase), as the result we changed fpm user to php-fpm (1000) in 3.5.0
4. Now, we realized that the way we use www-data is completely wrong, it's a standard system user that comes with a "package" similar to www-data in Debian/Ubuntu that should be used only to run a package daemon, so it's not a usual Linux user and should not be used to log in and manage files
5. Based on 4 we decided to release 4.x version of stack where we add a new default user wodby with uid/gid 1000 to match user in most Linux distributions. PHP-FPM will run via sudo with FPM user/group set to www-data (82). User wodby will be a part of www-data group.

Feb 16th UPDATED: wodby added to www-data group

[csandanov]

Also, we now have nginx and apache as default users in HTTP servers with UID/GID different from 82 and with only read access.

[proteo]

Hi there. Many thanks for your hard work, this is a definitively a great step forward. Don't know if I'm asking too much, but do you think that could be possible to set the wodby uid/gid using variables on container basis, in a future version? In our shop we've adopted your images as base for pretty much everything we do with Drupal and Wordpress, but we use a mixture of host machines (mostly Macs and some flavors of Linux) for local development so having the ability to set custom ids would be insanely great.

[csandanov]

@proteo do you want to have docker build arguments for that? are you going to rebuild the image?

What kind of issues do you experience with non-matching uid/gid?

[proteo]

Hi @csandanov, we're actually using slightly modified versions of your repos to build customized images to match a specfic uid:gid using build arguments. For example, in Mac we use 501:20 since usually that's the uid:gid of the user running Docker and of the user working in the code. I know that you can add your user to the group 82 (_clamav in macOS) as suggested in the docker4drupal documentation, but having a matching uid makes things way easier for everybody.
But the perfect, ideal scenario, would be having the ability to set uid:gid per container, maybe using something like this which basically takes input from ENV variables set in your docker compose file or run arguments. We actually tried to do something like that, hooking some bash commands in your /bin/init_volumes script but we soon realized that there are several config directories that need to be taken care of, so simply changing the uid of the user creates access problems in these directories.

[csandanov]

I guess we could add a macos image variant with 501:20 for uid/gid. But what kind of issues do you have with non-matching uid/gid in your local environment?

[proteo]

Well, one of the most common and recurring issues is with with D7 projects (yes, we still pretty much live in the D7 realm) where you don't really have a standard process to add new code or even update the existing one. So peeps keep throwing files and never remember to update/change file permissions. But, from your response I assume that setting uid/gid per container is not a feasible thing?