Is there a way to run ESPHome in Docker with a custom UID and GID?

Hi,

I’m wondering if there is a way to run the ESPHome with a custom UID and GID rather than as root.

Here’s my compose file

esphome:
    image: ghcr.io/esphome/esphome
    network_mode: host
    container_name: esphome
    user: 1005:1005
    volumes:
      - /opt/docker/appdata/esphome:/config
      - /etc/localtime:/etc/localtime:ro
    ports:
      - 6052:6052 # web gui.
    devices:
      - /dev/ttyUSB0:/dev/ttyUSB0
    restart: unless-stopped

When I include the user: section, I get an error related to platform.io. Adding the below to my file fixes that, as seen here:

environment:
     PLATFORMIO_CORE_DIR: .plattformio
     PLATFORMIO_GLOBALLIB_DIR: .plattformioLibs

But after that, esphome is then unable to access ttyUSB0 because of a permissions issue. This can only be fixed by removing the user: 1005:1005 section and going back to root.

Does anyone know a way to get a non root user to work with the ESPHome container?

Extra info:
When I go into the container shell I can see that the user is “I have no name!@etc”.
I have tried adding the esphome user (1005) to the dialout group but that was no help either.

You will need to look at the permissions of the serial port, see what the group membership is, and then ensure the user you are setting the uid to is a member of that same group.

The Docker user is mapped to a user in the host system.

If you log in to the host (Linux?) and look at /etc/passwd, you will see a list of users on the system.

You should ensure 1005 exists and has proper permissions. Read about Linux groups and users. Some say it is better to run a container as non-root and others say it makes no difference. I’m with the former. I usually create an individual user/group for each container and provide the user with no home directory and no login capability. Only in cases where a USB or other device is used by the container do you need to grant the user additional permissions.

The user exists on the host and like you I have an individual user/group for each container and the user has no login capability.

esphome:x:1005:1005::/home/esphome:/bin/nologin

I’m guessing my problem is with these additional permissions that you mention. What permissions are they exactly and how do I go about changing them?

Edit: Doing my best to look into it. By permissions do you mean changing the owner (to esphome) of ttyUSB0 as well? Perhaps creating a udev rule for the specific device?

The group membership for /dev/ttyUSB0 is dialout; I added my esphome (1005) user to that group via the host.

As seen in /etc/group:

dialout:x:20:esphome

Do you know of any other location I need to look at?

FYI: GitHub - ptr727/ESPHome-NonRoot: ESPHome docker container that supports non-root operation
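
The check suggested in the replies above, written out as an added example (not code from any poster or from the ESPHome project): it applies the owner/group/other rule to the numeric IDs a process actually holds, which for a container started with `user: 1005:1005` are whatever `id` prints inside the container, not what the host's /etc/group lists. The device owner (uid 0) and mode 660 are constructed sample values; GID 20 is the dialout entry quoted in the thread, and the function names are hypothetical.

```shell
#!/bin/sh
# Added example: evaluate the classic owner/group/other check for a device
# node against the numeric IDs a process holds.
#
# Real values come from (run by hand, not by this script):
#   host:       stat -c '%u %g %a' /dev/ttyUSB0
#   container:  docker exec esphome id

# can_open_rw P_UID "P_GIDS" D_UID D_GID D_MODE
#   P_GIDS is the primary GID followed by any supplementary GIDs.
#   Returns 0 if the mode bits allow read+write, 1 otherwise.
can_open_rw() {
    p_uid=$1 p_gids=$2 d_uid=$3 d_gid=$4 d_mode=$5

    # uid 0 normally bypasses mode bits (CAP_DAC_OVERRIDE).
    if [ "$p_uid" -eq 0 ]; then return 0; fi

    # Keep the last three octal digits: owner, group, other.
    perm=${d_mode#"${d_mode%???}"}
    owner=${perm%??}
    rest=${perm#?}
    group=${rest%?}
    other=${rest#?}

    # Exactly one class applies; the first match wins.
    bits=$other
    if [ "$p_uid" -eq "$d_uid" ]; then
        bits=$owner
    else
        for g in $p_gids; do
            if [ "$g" -eq "$d_gid" ]; then bits=$group; break; fi
        done
    fi

    # Read (4) and write (2) must both be set.
    [ $(( bits & 6 )) -eq 6 ]
}

# Hypothetical helper: print the result as a word.
verdict() {
    if can_open_rw "$@"; then echo allowed; else echo denied; fi
}

# Constructed sample: device root:20 (dialout) mode 660, process uid 1005.
echo "groups=1005     -> $(verdict 1005 '1005' 0 20 660)"
echo "groups=1005,20  -> $(verdict 1005 '1005 20' 0 20 660)"
```

If `id` inside the container shows only 1005, the first case applies; Compose's `group_add` key can give the container process an additional numeric GID such as 20.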