Uses a random UID/GID for mopidy/audio and allows to run as any user.

This is a breaking change but allows more safety and flexibility.

Dockerfile

@@ -1,11 +1,5 @@
 FROM debian:stretch-slim
 
-# Default configuration
-COPY mopidy.conf /var/lib/mopidy/.config/mopidy/mopidy.conf
-
-# Start helper script
-COPY entrypoint.sh /entrypoint.sh
-
 RUN set -ex \
     # Official Mopidy install for Debian/Ubuntu along with some extensions
     # (see https://docs.mopidy.com/en/latest/installation/debian/ )
@@ -37,13 +31,23 @@ RUN set -ex \
         curl \
         gcc \
  && apt-get clean \
- && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache \
-    # Limited access rights.
- && chown mopidy:audio -R /var/lib/mopidy/.config \
- && chmod +x /entrypoint.sh \
- && chown mopidy:audio /entrypoint.sh
+ && rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* ~/.cache
 
-# Run as mopidy user
+# Start helper script.
+COPY entrypoint.sh /entrypoint.sh
+
+# Default configuration.
+COPY mopidy.conf /var/lib/mopidy/.config/mopidy/mopidy.conf
+
+# Allows any user to run mopidy, but runs by default as a randomly generated UID/GID.
+ENV HOME=/var/lib/mopidy
+RUN set -ex \
+ && usermod -u 84044 mopidy \
+ && groupmod -g 84044 audio \
+ && chown mopidy:audio -R $HOME /entrypoint.sh \
+ && chmod go+rwX -R $HOME /entrypoint.sh
+
+# Runs as mopidy user by default.
 USER mopidy
 
 VOLUME ["/var/lib/mopidy/local", "/var/lib/mopidy/media"]

README.md

@@ -12,7 +12,7 @@ Containerized [**Mopidy**](https://www.mopidy.com/) music server with support fo
       * [Mopidy-SoundClound](https://docs.mopidy.com/en/latest/ext/backends/#mopidy-soundcloud) for **[SoundCloud](https://soundcloud.com/stream)**
       * [Mopidy-YouTube](https://docs.mopidy.com/en/latest/ext/backends/#mopidy-youtube) for **[YouTube](https://www.youtube.com)**
   * With [Mopidy-Moped](https://docs.mopidy.com/en/latest/ext/web/#mopidy-moped) web extension.
-  * Runs as `mopidy` user inside the container (for security reasons).
+  * Can run as any user and runs as UID/GID `84044` user inside the container by default (for security reasons).
 
 You may install additional [backend extensions](https://docs.mopidy.com/en/latest/ext/backends/).
 
@@ -48,6 +48,7 @@ First to make [audio work from within a Docker container](http://stackoverflow.c
           -v "$PWD/media:/var/lib/mopidy/media:ro" \
           -v "$PWD/local:/var/lib/mopidy/local" \
           -p 6600:6600 -p 6680:6680 \
+          --user $UID:$GID \
           wernight/mopidy \
           mopidy \
           -o spotify/username=USERNAME -o spotify/password=PASSWORD \
@@ -77,9 +78,14 @@ Volumes:
   * `/var/lib/mopidy/media` - Path to directory with local media files (optional).
   * `/var/lib/mopidy/local` - Path to directory to store local metadata such as libraries and playlists in (optional).
 
+User:
+
+  * You may run as any UID/GID, and by default it'll run as UID/GID `84044` (`mopidy:audio` from within the container).
+    The only restriction is if you want to read local media files: That the user (UID) you run as should have read access to these files.
+
 ##### Example using HTTP client to stream local files
 
- 1. Give read access to your audio files to user **102** (`mopidy`), group **29** (`audio`), or all users (e.g., `$ chgrp -R 29 $PWD/media && chmod -R g+r $PWD/media`).
+ 1. Give read access to your audio files to user **84044**, group **84044**, or all users (e.g., `$ chgrp -R 84044 $PWD/media && chmod -R g+rX $PWD/media`).
  2. Index local files:
 
         $ docker run --rm \