Yes, Sourcebot supports running as a non-root user! This feature was added in v4.9.1 as noted in the changelog CHANGELOG.md:479-482.

How It Works

The Dockerfile creates a dedicated sourcebot user (UID 1500, GID 1500 by default) during the image build Dockerfile:185-197. This user is added to the postgres, redis, and node groups so it can interact with the embedded services.

By default, the container runs as root for backwards compatibility — the USER directive is intentionally commented out Dockerfile:257-259. To run as a non-root user, you override the user at runtime using Docker's --user flag:

What Happens at Runtime

The entrypoint script automatically detects whether it's running as root or non-root and adjusts behavior accordingly entrypoint.sh:8-18:

• Database initialization: When running as root, it uses su postgres -c to run PostgreSQL commands. When running as non-root, it runs initdb and postgres directly entrypoint.sh:102-111 entrypoint.sh:205-211.
• Postgres role setup: When running as non-root, the entrypoint ensures the postgres role exists since the process won't be started under the postgres system user entrypoint.sh:224-228.

File Permissions

The Dockerfile ensures all relevant directories are accessible to both root and the sourcebot user:

• The /app directory is owned by sourcebot and the root group has equivalent permissions Dockerfile:244-247
• The /data directory is also owned by sourcebot Dockerfile:248-249
• All copied files use --chown=sourcebot:sourcebot Dockerfile:221-234

Custom UID/GID

You can customize the UID and GID at build time using Docker build arguments:

This is defined via the ARG directives Dockerfile:185-186.