The idea is:
Current Dockerfile will drop root privileges and switch to node user; when the container engine is configured to be rootless, this is annoying as the in-container node user will not match the out-container rootless user.
I suggest to have a separated rootful image (e.g. our solution) that would be published along with the other n8n images, or to have the image support the -u flag so that containers could be ran specifying a user which is not node (would be root in my use case).
My use case:
We deploy containers in rootless environments, either via podman or via rootless docker. This allows users to run containers such as n8n without root privileges, allowing for better isolation. Since n8n drops privileges and does not seems to support the -u flag (user node is enforced), running n8n in rootless environment results in non-user owned files produced by the container, making management a bit annoying.
We are currently maintaining a rootful version of the Dockerfile and entry-point script, but I believe this could be maintained upstream.
I think it would be beneficial to add this because:
Rootful docker is not a great idea and alternatives are now in place. Users adopting rootless solutions should be facilitated in deploying n8n.
Any resources to support this?
Are you willing to work on this?
Yes, I could maintain the rootless Dockerfile/Containerfile.