From 9cc471ab0a325509dfaef94cb2157bbce16d4533 Mon Sep 17 00:00:00 2001
From: Khushboo Vashi
Date: Mon, 2 Mar 2026 17:01:12 +0530
Subject: [PATCH] Revert "Customize container user permissions using PUID and PGID. #9657"

This reverts commit 97c90f1e692437156dfc567598de95978d2ef00e.
---
 Dockerfile | 5 ++--
 pkg/docker/entrypoint.sh | 50 ++--------------------------------------
 2 files changed, 5 insertions(+), 50 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index fd517c43546..8277253b6f3 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -165,8 +165,7 @@ RUN apk update && apk upgrade && \
 tzdata \
 libedit \
 libldap \
- libcap \
- su-exec && \
+ libcap && \
 rm -rf /var/cache/apk/*

 # Copy in the Python packages
@@ -207,6 +206,8 @@ RUN /venv/bin/python3 -m pip install --no-cache-dir gunicorn==23.0.0 && \
 echo "pgadmin ALL = NOPASSWD: /usr/sbin/postfix start" > /etc/sudoers.d/postfix && \
 echo "pgadminr ALL = NOPASSWD: /usr/sbin/postfix start" >> /etc/sudoers.d/postfix

+USER 5050
+
 # Finish up
 VOLUME /var/lib/pgadmin
 EXPOSE 80 443
diff --git a/pkg/docker/entrypoint.sh b/pkg/docker/entrypoint.sh
index 280d2c74218..914a8883307 100755
--- a/pkg/docker/entrypoint.sh
+++ b/pkg/docker/entrypoint.sh
@@ -1,23 +1,4 @@
 #!/usr/bin/env bash
-PUID=${PUID:-5050}
-PGID=${PGID:-0}
-
-if [ "$(id -u)" = "0" ]; then
- # Ensure a group with the target GID exists
- if ! getent group "$PGID" > /dev/null 2>&1; then
- addgroup -g "$PGID" pggroup
- fi
-
- # Reassign the pgadmin user to the desired UID/GID
- usermod -o -u "$PUID" -g "$PGID" pgadmin 2>&1 || \
- echo "WARNING: usermod failed for UID=$PUID GID=$PGID"
-
- # Compose su-exec command
- SU_EXEC="su-exec $PUID:$PGID"
- echo "pgAdmin will run as UID=$PUID, GID=$PGID"
-else
- SU_EXEC=""
-fi

 # Fixup the passwd file, in case we're on OpenShift
 if ! whoami > /dev/null 2>&1; then
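Review bot: `USER 5050` in the second Dockerfile hunk comes back without a comment, and nothing visible tells an operator that ownership of mounted paths is no longer repaired at start-up. The entrypoint code removed by this same patch chowned /run/pgadmin, /var/lib/pgadmin, the config file path and /certs when started as root; after the revert the process starts as UID 5050 (presumably the pgadmin account, going by the removed `PUID` default), so bind mounts must already be accessible to that UID. I would put a comment above the instruction, for example `# Run unprivileged; /var/lib/pgadmin and /certs must be accessible to UID 5050, the entrypoint no longer chowns them`. With `su-exec` gone there is also no privilege drop left in the entrypoint, so a container started with an explicit root user would run gunicorn as root; that is worth stating in the image documentation.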
@@ -28,27 +9,6 @@ if ! whoami > /dev/null 2>&1; then
 fi
 fi

-# Helper: chown a path only if it exists and isn't already owned correctly
-safe_chown() {
- local target="$1"
- local owner="$2:$3" # UID:GID
-
- # Skip if path doesn't exist
- [ -e "$target" ] || return 0
-
- # Get current ownership
- local current_uid current_gid
- current_uid=$(stat -c '%u' "$target")
- current_gid=$(stat -c '%g' "$target")
-
- # Skip if already owned correctly
- if [ "$current_uid" = "$2" ] && [ "$current_gid" = "$3" ]; then
- return 0
- fi
-
- chown -R "$owner" "$target"
-}
-
 # usage: file_env VAR [DEFAULT] ie: file_env 'XYZ_DB_PASSWORD' 'example'
 # (will allow for "$XYZ_DB_PASSWORD_FILE" to fill in the value of
 # "$XYZ_DB_PASSWORD" from a file, for Docker's secrets feature)
@@ -222,12 +182,6 @@ fi
 # to define the Gunicorn worker timeout
 TIMEOUT=$(cd /pgadmin4 && /venv/bin/python3 -c 'import config; print(config.SESSION_EXPIRATION_TIME * 60 * 60 * 24)')

-if [ "$(id -u)" = "0" ]; then
- for path in /run/pgadmin /var/lib/pgadmin "$CONFIG_DISTRO_FILE_PATH" /certs; do
- safe_chown "$path" "$PUID" "$PGID"
- done
-fi
-
 # NOTE: currently pgadmin can run only with 1 worker due to sessions implementation
 # Using --threads to have multi-threaded single-process worker

@@ -242,7 +196,7 @@ else
 fi

 if [ -n "${PGADMIN_ENABLE_TLS}" ]; then
- exec $SU_EXEC /venv/bin/gunicorn --limit-request-line "${GUNICORN_LIMIT_REQUEST_LINE:-8190}" --timeout "${TIMEOUT}" --bind "${BIND_ADDRESS}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" --keyfile /certs/server.key --certfile /certs/server.cert -c gunicorn_config.py run_pgadmin:app
+ exec /venv/bin/gunicorn --limit-request-line "${GUNICORN_LIMIT_REQUEST_LINE:-8190}" --timeout "${TIMEOUT}" --bind "${BIND_ADDRESS}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" --keyfile /certs/server.key --certfile /certs/server.cert -c gunicorn_config.py run_pgadmin:app
 else
- exec $SU_EXEC /venv/bin/gunicorn --limit-request-line "${GUNICORN_LIMIT_REQUEST_LINE:-8190}" --limit-request-fields "${GUNICORN_LIMIT_REQUEST_FIELDS:-100}" --limit-request-field_size "${GUNICORN_LIMIT_REQUEST_FIELD_SIZE:-8190}" --timeout "${TIMEOUT}" --bind "${BIND_ADDRESS}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" -c gunicorn_config.py run_pgadmin:app
+ exec /venv/bin/gunicorn --limit-request-line "${GUNICORN_LIMIT_REQUEST_LINE:-8190}" --limit-request-fields "${GUNICORN_LIMIT_REQUEST_FIELDS:-100}" --limit-request-field_size "${GUNICORN_LIMIT_REQUEST_FIELD_SIZE:-8190}" --timeout "${TIMEOUT}" --bind "${BIND_ADDRESS}" -w 1 --threads "${GUNICORN_THREADS:-25}" --access-logfile "${GUNICORN_ACCESS_LOGFILE:--}" -c gunicorn_config.py run_pgadmin:app
 fi
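Review bot: The TLS branch's `exec` still omits `--limit-request-fields` and `--limit-request-field_size`, which the non-TLS branch passes, so `GUNICORN_LIMIT_REQUEST_FIELDS` and `GUNICORN_LIMIT_REQUEST_FIELD_SIZE` have no effect once `PGADMIN_ENABLE_TLS` is set. The fallbacks used here (100 and 8190) appear to match gunicorn's own defaults, so only an operator's override is lost, but a request-header limit is a hardening setting that should behave the same on both listeners. I would add `--limit-request-fields "${GUNICORN_LIMIT_REQUEST_FIELDS:-100}" --limit-request-field_size "${GUNICORN_LIMIT_REQUEST_FIELD_SIZE:-8190}"` after `--limit-request-line` in the TLS command. The `if` is closed inside this hunk, but `TIMEOUT` and `BIND_ADDRESS` are assigned outside it.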