Implement optional standard user/group creation at build

[yannoff]

Problem

Though in many scenarios, running the container as an arbitrary user may be perfectly acceptable, there are some use cases in which the user must be known to the system.

To list a few of them:

Composer

When composer is run as an arbitrary user, it will use /.composer for COMPOSER_HOME instead of ~/.composer, which may result in permission issues.

Moreover, it's impossible to chown that particular directory in the build, since the UID/GID of the user is unknown at this time.

The only remaining choice would be then to chmod the /.composer dir to 777 mode, which is, needless to say, the worth practice ever.

SSH

Every command or process using the SSH protocol will search the default ~/.ssh folder for private/public keys, known hosts, etc... which does not exist for an arbitrary user.

This is the case when the composer.json refers to private repositories with ssh-fashion urls, like [email protected].

Solution

Implement a USER build arg (plus an optional GROUP one) which will trigger - if not empty - the standard user / group creation during build with the given USER as user id / GROUP as group id.

If USER is set but GROUP has been left empty, the USER value will be used for the group id.

[yannoff]

Additionally, a USERLAND build arg, representing the standard user owned directories should be implemented.

Those dirs will be created at build time and chowned to $USER:$GROUP