Allow edgedb Docker Image to *startup* and run as non-root User

[colinbjohnson]

It seems like the expected configuration for the edgedb Docker Image is to startup as the "root" user and then use "gosu" to switch toa non-root user (such as "edgedb"). What I discovered was that if the directory /var/lib/edgedb/data existed and allowed a non-root user to access then the edgedb service can be started and run as a non-root user - no need to use root or gosu at all.

My specific Dockerfile is here:

FROM edgedb/edgedb:4.5
RUN mkdir -p /var/lib/edgedb/data
RUN chown edgedb:edgedb /var/lib/edgedb/data
# set the USER here to ensure all future build and run commands are done as edgedb
USER edgedb
COPY ./dbschema /dbschema

If this is correct the challenge is in finding a way to ensure that the /var/lib/edgedb/data is writable by the user utilizing edgedb. This could be accomplished a few different ways

• simply adding this snippet above to a README.md file (I'd be happy to do that)
• by having the image only support the edgedb user
• by making the /var/lib/edgedb/data world-writable

I actually don't know if this is worth pursuing but the solution we implemented potentially allowed a less complex and (at least in perception - where a certain large enterprise required we have a non-root user specified) more secure image based on the edgedb image.