Merge pull request #981 from vladaurosh/main

Update default PUID and PGID, and update documentation

dockerfiles/README.md

@@ -28,6 +28,7 @@ docker run -d --rm --network=host \
   -v local_path/config:/app/config \
   -v local_path/db:/app/db \
   --mount type=tmpfs,target=/app/api \
+  -e PUID=200 -e PGID=300 \
   -e TZ=Europe/Berlin \
   -e PORT=20211 \
   jokobsk/netalertx:latest
@@ -40,6 +41,8 @@ See alternative [docked-compose examples](https://github.com/jokob-sk/NetAlertX/
 | Variable | Description | Default |
 | :------------- |:-------------| -----:|
 | `PORT`      |Port of the web interface  |  `20211` |
+| `PUID`      |Application User UID  |  `102` |
+| `PUID`      |Application User GID  |  `82` |
 | `LISTEN_ADDR`      |Set the specific IP Address for the listener address for the nginx webserver (web interface). This could be useful when using multiple subnets to hide the web interface from all untrusted networks. |  `0.0.0.0` |
 |`TZ` |Time zone to display stats correctly. Find your time zone [here](https://en.wikipedia.org/wiki/List_of_tz_database_time_zones)  |  `Europe/Berlin` |
 |`APP_CONF_OVERRIDE` | JSON override for settings, e.g. `{"SCAN_SUBNETS":"['192.168.1.0/24 --interface=eth1']","GRAPHQL_PORT":"20212"}`  |  `N/A` |

dockerfiles/init.sh

@@ -4,8 +4,8 @@ echo "---------------------------------------------------------
 [INSTALL]                                    Run init.sh
 ---------------------------------------------------------"
 
-DEFAULT_PUID=200
-DEFAULT_GID=200
+DEFAULT_PUID=102
+DEFAULT_GID=82
 
 PUID=${PUID:-${DEFAULT_PUID}}
 PGID=${PGID:-${DEFAULT_GID}}

docs/FILE_PERMISSIONS.md

@@ -5,37 +5,19 @@
 >  ``` 
 >  docker run -d --rm --network=host \
 >  -e TZ=Europe/Berlin \
+>  -e PUID=200 -e PGID=200 \
 >  -e PORT=20211 \
 >  jokobsk/netalertx:latest
 > ```
-NetAlertX runs on an Nginx web server. On Alpine Linux, Nginx operates as the `nginx` user (user ID 101, group ID 82 - `www-data`). Consequently, files accessed or written by the NetAlertX application are owned by `nginx:www-data`.
+NetAlertX runs on an Nginx web server. On Alpine Linux, Nginx operates as the `nginx` user (if PUID and GID environment variables are not specified, nginx user UID will be set to 102, and its supplementary group `www-data` ID to 82). Consequently, files accessed or written by the NetAlertX application are owned by `nginx:www-data`.
 
-Upon starting, NetAlertX changes the ownership of files on the host system mapped to `/app/config` and `/app/db` in the container to `nginx:www-data`. This ensures that Nginx can access and write to these files. Since the user in the Docker container is mapped to a user on the host system by ID:GID, the files in `/app/config` and `/app/db` on the host system are owned by a user with the same ID and GID (ID 101 and GID 82). On different systems, this ID:GID may belong to different users (on Debian, the user with ID 82 is `uuidd`), or there may not be a user with ID 82 at all.
+Upon starting, NetAlertX changes nginx user UID and www-data GID to specified values (or defaults), and the ownership of files on the host system mapped to `/app/config` and `/app/db` in the container to `nginx:www-data`. This ensures that Nginx can access and write to these files. Since the user in the Docker container is mapped to a user on the host system by ID:GID, the files in `/app/config` and `/app/db` on the host system are owned by a user with the same ID and GID (defaults are ID 102 and GID 82). On different systems, this ID:GID may belong to different users, or there may not be a group with ID 82 at all.
 
-While this generally isn't problematic, it can cause issues for host system users needing to access these files (e.g., backup scripts). If users other than root need access to these files, it is recommended to add those users to the group with GID 82. If that group doesn't exist, it should be created.
+Option to set specific user UID and GID can be useful for host system users needing to access these files (e.g., backup scripts).
 
 ### Permissions Table for Individual Folders
 
 | Folder         | User   | User ID | Group     | Group ID | Permissions | Notes                                                               |
 |----------------|--------|---------|-----------|----------|-------------|---------------------------------------------------------------------|
-| `/app/config`  | nginx  | 101     | www-data  | 82       | rwxr-xr-x   | Ensure `nginx` can read/write; other users can read if in `www-data` |
-| `/app/db`      | nginx  | 101     | www-data  | 82       | rwxr-xr-x   | Same as above                                                       |
-
-### Steps to Add Users to Group
-
-1. **Check if group exists:**
-    ```sh
-    getent group www-data
-    ```
-
-2. **Create group if it does not exist:**
-    ```sh
-    sudo groupadd -g 82 www-data
-    ```
-
-3. **Add user to group:**
-    ```sh
-    sudo usermod -aG www-data <username>
-    ```
-
-Replace `<username>` with the actual username that requires access.
+| `/app/config`  | nginx  | PUID (default 102)     | www-data  | PGID (default 82)       | rwxr-xr-x   | Ensure `nginx` can read/write; other users can read if in `www-data` |
+| `/app/db`      | nginx  | PUID (default 102)     | www-data  | PGID (default 82)       | rwxr-xr-x   | Same as above                                                       |