Running GitLab CE Docker container as non-root user

Hi,

We are using GitLab CE running in a Docker container; however, it's running as root.
For security purposes, running a container with root privileges is not recommended, so we want to run the gitlab-ce container as a normal (non-root) user.

We tried to run the gitlab-ce container with docker-compose using the normal user flag, and we have given the normal user ownership of the directory in which we are executing docker-compose; however, it's giving permission errors as below.

ln: failed to create symbolic link ‘/opt/gitlab/service/sshd’: Permission denied

Could you please guide me in fixing this issue, and also let us know whether it is possible to run the gitlab-ce container as a normal (non-root) user?

@ravis Have you found a solution?

This might help for the first part since Docker would need to be configured properly to run as a non-root user:

As far as I can see, once the group membership and permissions issue is resolved, it shouldn’t be a problem. It shouldn’t be necessary to edit the Dockerfile for the deployment to tell it what user to run as, so from the GitLab side no changes should be necessary.

The docker group though does grant root apparently, so for complete non-root, there is also this article: Run the Docker daemon as a non-root user (Rootless mode) | Docker Documentation
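The two points in the reply above (docker group membership is root-equivalent, and rootless mode avoids that) can be checked on a host with a short audit. This is an added example, not part of the original thread; the function names and the `--audit` switch are hypothetical, and it assumes the group is named `docker`.

```shell
#!/bin/sh
# docker_root_equivalents [GROUP_FILE] [PASSWD_FILE]
# Prints, sorted and one per line, every account in the "docker" group:
# supplementary members from the group file plus accounts whose primary
# GID is the docker GID (those never show up in the group file's member list).
docker_root_equivalents() {
    group_file=${1:-/etc/group}
    passwd_file=${2:-/etc/passwd}
    gid=$(awk -F: '$1 == "docker" { print $3; exit }' "$group_file")
    [ -n "$gid" ] || return 0    # no docker group on this host
    {
        # Supplementary members: 4th field of the group entry, comma separated.
        awk -F: '$1 == "docker" {
            n = split($4, m, ",")
            for (i = 1; i <= n; i++) if (m[i] != "") print m[i]
        }' "$group_file"
        # Primary-group members: 4th field of passwd equals the docker GID.
        awk -F: -v gid="$gid" '$4 == gid { print $1 }' "$passwd_file"
    } | sort -u
}

# daemon_is_rootless SECURITY_OPTIONS
# SECURITY_OPTIONS is the string printed by:
#   docker info --format '{{.SecurityOptions}}'
# A rootless daemon lists "name=rootless" among its security options.
daemon_is_rootless() {
    case "$1" in
        *name=rootless*) return 0 ;;
        *) return 1 ;;
    esac
}

# Run against the live host only when asked to (hypothetical switch).
if [ "${1:-}" = "--audit" ]; then
    echo "Accounts with docker group access (root-equivalent):"
    docker_root_equivalents | sed 's/^/  /'
    opts=$(docker info --format '{{.SecurityOptions}}' 2>/dev/null || true)
    if daemon_is_rootless "$opts"; then
        echo "Docker daemon: rootless"
    else
        echo "Docker daemon: not rootless (or not reachable)"
    fi
fi
```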

Did anyone find a solution?
I also ran into this issue with GitLab 15.3.1-ee.0.
GitLab is probably switching user and/or permission at some point, so I guess setting the right permissions for the volume binds is necessary, but I didn’t find anything documented in the GitLab docs (i.e. which UID/PID).

Also this issue is probably related.