How to run as non-root user? #550
Description
I'm struggling to get this running as a non-root user. I see there was a PR to allow it to run as non-root, but I can't seem to get it to run as non-root.
I've added `user: "1000:1000" to the mysql container as well as the bookstack container. And from a fresh install when I do a docker compose up -d, the containers write some files as the root user. If I stop the containers, chown the directories and files that the containers created, and restart the containers, they run (mostly) as expected. But I get a 500 error page when I try to access Bookstack. Checking the laravel logs, I get this every time I refresh the page:
[2025-06-09 11:39:51] production.ERROR: file_put_contents(/var/www/bookstack/storage/framework/sessions/iURQUwMl0igQAoaV9vXXU5o2yWPfqmco8js0NPK7): Failed to open stream: Permission denied {"exception":"[object] (ErrorException(code: 0): file_put_contents(/var/www/bookstack/storage/framework/sessions/iURQUwMl0igQAoaV9vXXU5o2yWPfqmco8js0NPK7): Failed to open stream: Permission denied at /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php:204) [stacktrace] #0 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(256): Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(2, 'file_put_conten...', '/var/www/bookst...', 204) #1 [internal function]: Illuminate\\Foundation\\Bootstrap\\HandleExceptions->{closure:Illuminate\\Foundation\\Bootstrap\\HandleExceptions::forwardsTo():255}(2, 'file_put_conten...', '/var/www/bookst...', 204) #2 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php(204): file_put_contents('/var/www/bookst...', 'a:4:{s:6:\"_toke...', 2) #3 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/FileSessionHandler.php(90): Illuminate\\Filesystem\\Filesystem->put('/var/www/bookst...', 'a:4:{s:6:\"_toke...', true) #4 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Store.php(176): Illuminate\\Session\\FileSessionHandler->write('iURQUwMl0igQAoa...', 'a:4:{s:6:\"_toke...') #5 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(245): Illuminate\\Session\\Store->save() #6 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(130): Illuminate\\Session\\Middleware\\StartSession->saveSession(Object(BookStack\\Http\\Request)) #7 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Session/Middleware/StartSession.php(64): Illuminate\\Session\\Middleware\\StartSession->handleStatefulRequest(Object(BookStack\\Http\\Request), Object(Illuminate\\Session\\Store), Object(Closure)) #8 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Session\\Middleware\\StartSession->handle(Object(BookStack\\Http\\Request), Object(Closure)) #9 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #10 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(BookStack\\Http\\Request), Object(Closure)) #11 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(75): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #12 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(BookStack\\Http\\Request), Object(Closure)) #13 /var/www/bookstack/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #14 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): BookStack\\Http\\Middleware\\ApplyCspRules->handle(Object(BookStack\\Http\\Request), Object(Closure)) #15 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(127): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #16 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(807): Illuminate\\Pipeline\\Pipeline->then(Object(Closure)) #17 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(786): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(BookStack\\Http\\Request)) #18 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(750): Illuminate\\Routing\\Router->runRoute(Object(BookStack\\Http\\Request), Object(Illuminate\\Routing\\Route)) #19 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(739): Illuminate\\Routing\\Router->dispatchToRoute(Object(BookStack\\Http\\Request)) #20 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(201): Illuminate\\Routing\\Router->dispatch(Object(BookStack\\Http\\Request)) #21 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(170): Illuminate\\Foundation\\Http\\Kernel->{closure:Illuminate\\Foundation\\Http\\Kernel::dispatchToRouter():198}(Object(BookStack\\Http\\Request)) #22 /var/www/bookstack/app/Http/Middleware/PreventResponseCaching.php(28): Illuminate\\Pipeline\\Pipeline->{closure:Illuminate\\Pipeline\\Pipeline::prepareDestination():168}(Object(BookStack\\Http\\Request)) #23 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): BookStack\\Http\\Middleware\\PreventResponseCaching->handle(Object(BookStack\\Http\\Request), Object(Closure)) #24 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #25 /var/www/bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle(Object(BookStack\\Http\\Request), Object(Closure)) #26 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): BookStack\\Http\\Middleware\\TrustProxies->handle(Object(BookStack\\Http\\Request), Object(Closure)) #27 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #28 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(51): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(BookStack\\Http\\Request), Object(Closure)) #29 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle(Object(BookStack\\Http\\Request), Object(Closure)) #30 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #31 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Http\\Middleware\\ValidatePostSize->handle(Object(BookStack\\Http\\Request), Object(Closure)) #32 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(110): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #33 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(BookStack\\Http\\Request), Object(Closure)) #34 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(127): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #35 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Pipeline\\Pipeline->then(Object(Closure)) #36 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(BookStack\\Http\\Request)) #37 /var/www/bookstack/public/index.php(23): Illuminate\\Foundation\\Http\\Kernel->handle(Object(BookStack\\Http\\Request)) #38 {main} "} [2025-06-09 11:39:51] production.ERROR: file_put_contents(/var/www/bookstack/storage/framework/views/4561ab5f867650fef08873ab7f1a0344.php): Failed to open stream: Permission denied {"exception":"[object] (ErrorException(code: 0): file_put_contents(/var/www/bookstack/storage/framework/views/4561ab5f867650fef08873ab7f1a0344.php): Failed to open stream: Permission denied at /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php:204) [stacktrace] #0 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Bootstrap/HandleExceptions.php(256): Illuminate\\Foundation\\Bootstrap\\HandleExceptions->handleError(2, 'file_put_conten...', '/var/www/bookst...', 204) #1 [internal function]: Illuminate\\Foundation\\Bootstrap\\HandleExceptions->{closure:Illuminate\\Foundation\\Bootstrap\\HandleExceptions::forwardsTo():255}(2, 'file_put_conten...', '/var/www/bookst...', 204) #2 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Filesystem/Filesystem.php(204): file_put_contents('/var/www/bookst...', '<?php $__env->s...', 0) #3 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/Compilers/BladeCompiler.php(196): Illuminate\\Filesystem\\Filesystem->put('/var/www/bookst...', '<?php $__env->s...') #4 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/Engines/CompilerEngine.php(67): Illuminate\\View\\Compilers\\BladeCompiler->compile('/var/www/bookst...') #5 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/View.php(209): Illuminate\\View\\Engines\\CompilerEngine->get('/var/www/bookst...', Array) #6 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/View.php(192): Illuminate\\View\\View->getContents() #7 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/View/View.php(161): Illuminate\\View\\View->renderContents() #8 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Response.php(79): Illuminate\\View\\View->render() #9 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Response.php(35): Illuminate\\Http\\Response->setContent(Object(Illuminate\\View\\View)) #10 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/ResponseFactory.php(60): Illuminate\\Http\\Response->__construct(Object(Illuminate\\View\\View), 500, Array) #11 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/ResponseFactory.php(90): Illuminate\\Routing\\ResponseFactory->make(Object(Illuminate\\View\\View), 500, Array) #12 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(894): Illuminate\\Routing\\ResponseFactory->view('errors::500', Array, 500, Array) #13 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(815): Illuminate\\Foundation\\Exceptions\\Handler->renderHttpException(Object(Symfony\\Component\\HttpKernel\\Exception\\HttpException)) #14 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(706): Illuminate\\Foundation\\Exceptions\\Handler->prepareResponse(Object(BookStack\\Http\\Request), Object(Symfony\\Component\\HttpKernel\\Exception\\HttpException)) #15 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Exceptions/Handler.php(594): Illuminate\\Foundation\\Exceptions\\Handler->renderExceptionResponse(Object(BookStack\\Http\\Request), Object(ErrorException)) #16 /var/www/bookstack/app/Exceptions/Handler.php(89): Illuminate\\Foundation\\Exceptions\\Handler->render(Object(BookStack\\Http\\Request), Object(ErrorException)) #17 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Pipeline.php(51): BookStack\\Exceptions\\Handler->render(Object(BookStack\\Http\\Request), Object(ErrorException)) #18 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(214): Illuminate\\Routing\\Pipeline->handleException(Object(BookStack\\Http\\Request), Object(ErrorException)) #19 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/AddQueuedCookiesToResponse.php(37): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #20 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Cookie\\Middleware\\AddQueuedCookiesToResponse->handle(Object(BookStack\\Http\\Request), Object(Closure)) #21 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Cookie/Middleware/EncryptCookies.php(75): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #22 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Cookie\\Middleware\\EncryptCookies->handle(Object(BookStack\\Http\\Request), Object(Closure)) #23 /var/www/bookstack/app/Http/Middleware/ApplyCspRules.php(33): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #24 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): BookStack\\Http\\Middleware\\ApplyCspRules->handle(Object(BookStack\\Http\\Request), Object(Closure)) #25 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(127): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #26 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(807): Illuminate\\Pipeline\\Pipeline->then(Object(Closure)) #27 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(786): Illuminate\\Routing\\Router->runRouteWithinStack(Object(Illuminate\\Routing\\Route), Object(BookStack\\Http\\Request)) #28 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(750): Illuminate\\Routing\\Router->runRoute(Object(BookStack\\Http\\Request), Object(Illuminate\\Routing\\Route)) #29 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Routing/Router.php(739): Illuminate\\Routing\\Router->dispatchToRoute(Object(BookStack\\Http\\Request)) #30 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(201): Illuminate\\Routing\\Router->dispatch(Object(BookStack\\Http\\Request)) #31 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(170): Illuminate\\Foundation\\Http\\Kernel->{closure:Illuminate\\Foundation\\Http\\Kernel::dispatchToRouter():198}(Object(BookStack\\Http\\Request)) #32 /var/www/bookstack/app/Http/Middleware/PreventResponseCaching.php(28): Illuminate\\Pipeline\\Pipeline->{closure:Illuminate\\Pipeline\\Pipeline::prepareDestination():168}(Object(BookStack\\Http\\Request)) #33 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): BookStack\\Http\\Middleware\\PreventResponseCaching->handle(Object(BookStack\\Http\\Request), Object(Closure)) #34 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/TrustProxies.php(58): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #35 /var/www/bookstack/app/Http/Middleware/TrustProxies.php(41): Illuminate\\Http\\Middleware\\TrustProxies->handle(Object(BookStack\\Http\\Request), Object(Closure)) #36 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): BookStack\\Http\\Middleware\\TrustProxies->handle(Object(BookStack\\Http\\Request), Object(Closure)) #37 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TransformsRequest.php(21): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #38 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/TrimStrings.php(51): Illuminate\\Foundation\\Http\\Middleware\\TransformsRequest->handle(Object(BookStack\\Http\\Request), Object(Closure)) #39 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Foundation\\Http\\Middleware\\TrimStrings->handle(Object(BookStack\\Http\\Request), Object(Closure)) #40 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Http/Middleware/ValidatePostSize.php(27): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #41 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Http\\Middleware\\ValidatePostSize->handle(Object(BookStack\\Http\\Request), Object(Closure)) #42 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Middleware/PreventRequestsDuringMaintenance.php(110): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #43 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(209): Illuminate\\Foundation\\Http\\Middleware\\PreventRequestsDuringMaintenance->handle(Object(BookStack\\Http\\Request), Object(Closure)) #44 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Pipeline/Pipeline.php(127): Illuminate\\Pipeline\\Pipeline->{closure:{closure:Illuminate\\Pipeline\\Pipeline::carry():184}:185}(Object(BookStack\\Http\\Request)) #45 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(176): Illuminate\\Pipeline\\Pipeline->then(Object(Closure)) #46 /var/www/bookstack/vendor/laravel/framework/src/Illuminate/Foundation/Http/Kernel.php(145): Illuminate\\Foundation\\Http\\Kernel->sendRequestThroughRouter(Object(BookStack\\Http\\Request)) #47 /var/www/bookstack/public/index.php(23): Illuminate\\Foundation\\Http\\Kernel->handle(Object(BookStack\\Http\\Request)) #48 {main} "} Here's my compose.yaml:
name: bookstack services: mysql: image: mysql:9.2 container_name: bookstack-mysql environment: - MYSQL_ROOT_PASSWORD=supersecret - MYSQL_DATABASE=bookstackdb - MYSQL_USER=bookstack - MYSQL_PASSWORD=secret volumes: - ./bookstack/mysql/mysql-data:/var/lib/mysql networks: - stack user: "1000:1000" restart: unless-stopped bookstack: image: solidnerd/bookstack:25.5.0 container_name: bookstack depends_on: - mysql environment: - DB_HOST=bookstack-mysql:3306 - DB_DATABASE=bookstackdb - DB_USERNAME=bookstack - DB_PASSWORD=secret - APP_URL=https://wiki.example.com - APP_KEY=c47QTuo5TmhmvgzoehsAqEsi4sH8N%mJ - APP_TIMEZONE=America/Chicago networks: - caddystack - stack volumes: - ./bookstack/bookstack/uploads:/var/www/bookstack/public/uploads - ./bookstack/bookstack/storage-uploads:/var/www/bookstack/storage/uploads - ./bookstack/bookstack/storage-logs:/var/www/bookstack/storage/logs # ports: # - "8080:8080" user: "1000:1000" restart: unless-stopped networks: caddystack: external: true stack: driver: bridge