Run temporalio/server Docker image as unprivileged?

We don’t allow Docker to run with root and I’m getting an error trying to run the temporalio/server image as an unprivileged user. Any way around this?

$ docker run -ti --user $(id -u):$(id -g) --security-opt no-new-privileges:true 433b38f1754a /bin/sh
2021/09/07 15:27:33 unable to create open ./config/docker.yaml: permission denied

$ docker run -ti --user $(id -u):$(id -g) --security-opt no-new-privileges:true 433b38f1754a /etc/temporal/entrypoint.sh
2021/09/07 15:32:13 unable to create open ./config/docker.yaml: permission denied

Yes, the root user is needed all the way up to the latest server release 1.12.0.

A non-root user has, however, been added via PR https://github.com/temporalio/temporal/pull/1814.
This fix will be included in the next server release.

Looking at the changes, it appears that uid 1000 and gid 1000 were used for the temporal user id and group id. Under some implementations of Docker, the user is required to supply their own uid:gid to run the container, which may conflict with the 1000:1000 chosen. May I suggest using the “nobody” user to run temporal under?
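One way to make the image tolerate a host-supplied uid:gid instead of a hard-coded 1000:1000, as an added example (this is not code from the thread or from the Temporal project). It assumes the entrypoint's working directory is /etc/temporal, so that "./config/docker.yaml" in the error above resolves to /etc/temporal/config/docker.yaml, and the base image tag is a placeholder.

```dockerfile
# Added example, not the project's own Dockerfile. Wraps the published image so
# the container can run under any host-supplied uid:gid.
# Assumption: "<version>" is a placeholder tag; /etc/temporal/config is the
# directory the entrypoint writes docker.yaml into (inferred from the error).
FROM temporalio/server:<version>

# Root is used at BUILD time only, to fix up ownership; the running container
# never needs it.
USER root

# Rather than baking in uid 1000, give the one directory that must be writable
# to the root group (gid 0) and make it group-writable. Any uid that carries
# gid 0 as a primary or supplementary group can then create docker.yaml, while
# the rest of the image stays read-only for that user. chmod's "X" marks only
# directories (and already-executable files) as executable.
RUN mkdir -p /etc/temporal/config \
 && chgrp -R 0 /etc/temporal/config \
 && chmod -R g+rwX /etc/temporal/config

# Default to an unprivileged numeric identity (65534 is "nobody" on Alpine and
# Debian-based images, matching the suggestion above). A numeric USER lets
# orchestrators verify "non-root" without resolving names inside the image;
# --user on the command line still overrides it.
USER 65534:0

# Example invocation from the host, keeping the thread's no-new-privileges
# setting and adding gid 0 as a supplementary group so the chosen uid can
# write the config directory:
#   docker build -t temporal-nonroot:local .
#   docker run --rm -ti \
#     --user "$(id -u):$(id -g)" --group-add 0 \
#     --security-opt no-new-privileges:true \
#     temporal-nonroot:local
```

If the entrypoint writes anywhere else at start-up, apply the same chgrp/chmod step to that path; a quick way to find out is to run the wrapper once and read the "permission denied" path from the log.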

Could you please file an issue and put those details so it can be addressed? Thanks.
