Run php-fpm as user www

data/init.sh

@@ -7,6 +7,10 @@ rm ./job-archive.tar.xz
 
 if [ $# -gt 0 ]; then
     if [ $1 == "dev" ]; then
+        # 101 is the uid and gid of the user and group www in the cc-php container running php-fpm.
+        # For a demo with no new jobs it is enough to give www read permissions on that directory.
+        sudo chown -R 101:101 ./job-archive
+
         mkdir -p influxdb/data
         wget https://hpc-mover.rrze.uni-erlangen.de/HPC-Data/0x7b58aefb/eig7ahyo6fo2bais0ephuf2aitohv1ai/influxdbv2-data.tar.xz
         cd influxdb/data

php-fpm/Dockerfile

@@ -77,6 +77,9 @@ COPY symfony.pool.conf /etc/php8/php-fpm.d/
 COPY entrypoint.sh /entrypoint.sh
 RUN chmod +x /entrypoint.sh
 
+RUN addgroup -S www
+RUN adduser -S -D -H -g "php-fpm user" -G www -s /sbin/nologin www
+
 ARG APP_ENVIRONMENT
 ENV APP_ENV=${APP_ENVIRONMENT}
 ENV APP_SECRET=67d829bf61dc5f87a73fd814e2c9f629

php-fpm/symfony.pool.conf

@@ -6,8 +6,8 @@
 ; Unix user/group of processes
 ; Note: The user is mandatory. If the group is not set, the default user's group
 ;       will be used.
-user = nobody
+user = www
-group = nobody
+group = www
 
 ; The address on which to accept FastCGI requests.
 ; Valid syntaxes are: