From 9f0ecf67daa3bcdd12a20fa3d07aad452a4b2b76 Mon Sep 17 00:00:00 2001
From: davidtio <davidtio@fosstech.biz>
Date: Sat, 28 Feb 2026 19:05:19 +0800
Subject: [PATCH] =?UTF-8?q?fix:=20revert=20uid=3D1000=20pin=20=E2=80=94=20?=
 =?UTF-8?q?compose=20sets=20user:=20"0"=20instead?=
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

In rootless Docker, uid=0 in-container = cldrzd on host (not privileged).
Pinning to uid=1000 in-container mapped to host uid=100999 (phantom UID),
which cannot write to the cldrzd-owned data directory.

The Dockerfile USER directive is overridden by compose user: "0" anyway,
so revert to a standard non-root app user without explicit uid/gid.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
---
 Dockerfile | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 6f6e2c1..cfd4965 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -19,7 +19,7 @@ RUN sbt "set test in assembly := false" assembly
 # === Runtime stage ===
 FROM eclipse-temurin:25-jre-alpine
 
-RUN addgroup -g 1000 -S app && adduser -u 1000 -S app -G app
+RUN addgroup -S app && adduser -S app -G app
 RUN mkdir -p /data && chown app:app /data
 WORKDIR /app