Revert "Remove UID hack" and make UID mapping more robust

base/Dockerfile

@@ -161,7 +161,9 @@ ENV \
     DB_ROOT_PASSWORD=password \
     DB_ROOT_USER=root \
     DB_USER=default \
-    JWT_ADMIN_TOKEN=islandora
+    DEVELOPMENT_ENVIRONMENT=false \
+    JWT_ADMIN_TOKEN=islandora \
+    UID=
 
 COPY --link rootfs /
 

base/README.md

@@ -122,6 +122,16 @@ and `DB_MYSQL_PORT` variables will be used when connecting to the backend.
 > `FCREPO_DB_NAME`. This is to allow for different settings on a per-service
 > basis when sharing the same confd backend.
 
+### Development Settings
+
+When doing development with the containers it is sometimes useful to remap the
+`uid` of users in the container to match that of the host user to prevent
+permission denied errors when bind mounting files.
+
+| Environment Variable    | Default | Description                                                                                                                       |
+| :---------------------- | :------ | :-------------------------------------------------------------------------------------------------------------------------------- |
+| DEVELOPMENT_ENVIRONMENT | false   | Set to `true` if using the containers for development, runs start up scripts to remap `uid` of users inside of the container etc. |
+| UID                     |         | The `uid` of the host user                                                                                                        |
 
 [Alpine Linux]: https://alpinelinux.org
 [bearer authentication]: https://tools.ietf.org/html/rfc6750

drupal/rootfs/etc/s6-overlay/s6-rc.d/development-environment/type

@@ -0,0 +1 @@
+oneshot

drupal/rootfs/etc/s6-overlay/s6-rc.d/development-environment/up

@@ -0,0 +1,2 @@
+# Change uid of nginx user to match host.
+/etc/s6-overlay/scripts/development-environment.sh

drupal/rootfs/etc/s6-overlay/scripts/development-environment.sh

@@ -0,0 +1,41 @@
+#!/command/with-contenv bash
+# shellcheck shell=bash
+set -e
+
+# UID should only be set in the development environments.
+if [[ "${DEVELOPMENT_ENVIRONMENT}" != "true" ]]; then
+  exit 0
+fi
+
+if [[ -z "${UID}" ]]; then
+  exit 0
+fi
+
+# ensure no new lines or other non-digits
+UID=$(echo "${UID}" | tr -cd '0-9')
+
+if [ "${UID}" = "0" ]; then
+  exit 0
+fi
+
+# Get the current user for this UID (if any) - don't fail if not found
+EXISTING_USER=$(getent passwd "${UID}" 2>/dev/null | cut -d: -f1 || true)
+
+if [ -z "$EXISTING_USER" ]; then
+  # UID doesn't exist, safe to change nginx user
+  usermod -u "${UID}" nginx
+elif [ "$EXISTING_USER" != "nginx" ]; then
+  # UID exists but belongs to another user
+  # Move existing user out of the way
+  NEW_UID=$((UID + 10000))
+  usermod -u "${NEW_UID}" "$EXISTING_USER" || true
+  usermod -u "${UID}" nginx
+fi
+
+# Fix ownership if needed
+if [[ "$(stat -c %u /var/www/drupal)" != "${UID}" ]]; then
+  chown -R nginx:nginx /var/www/drupal
+fi
+
+# Always ensure nginx has access to the socket
+chown -R nginx:nginx /run/php-fpm83