Launching a container with an unprivileged user

[chyundunovDatamonsters]

Feature request

The TGI container is currently running with the root user. It is not a good practice to run in productive environments. It is suggested to run the container using a user other than root - create it when building the image.
I used this solution:

FROM ghcr.io/huggingface/text-generation-inference:3.0.0-rocm
RUN groupadd --gid 2000 user \
&& useradd --uid 2000 --gid user --shell /bin/bash --create-home user
RUN usermod -a -G video,render user
USER root
RUN chown user:user /tgi-entrypoint.sh
USER user
RUN chmod +x /tgi-entrypoint.sh
ENTRYPOINT ["/tgi-entrypoint.sh"]

Motivation

It is highly advisable to use a non-root user to run containers in productive environments.

Your contribution

FROM ghcr.io/huggingface/text-generation-inference:3.0.0-rocm
RUN groupadd --gid 2000 user \
&& useradd --uid 2000 --gid user --shell /bin/bash --create-home user
RUN usermod -a -G video,render user
USER root
RUN chown user:user /tgi-entrypoint.sh
USER user
RUN chmod +x /tgi-entrypoint.sh
ENTRYPOINT ["/tgi-entrypoint.sh"]

[sebastianliebscher]

related:

• Running container rootless does not work anymore #3082
• Set uv UV_PYTHON_INSTALL_DIR explicitly #3197

[mwm5945]

this would be awesome if we could backport this to 3.1+