Docker compose user is different than Dockerfile user

I have a container I am defining in a Dockerfile:

FROM python:3.9-alpine

WORKDIR /usr/app/

COPY src/backend/ .

RUN apk add acl
RUN pip install -r requirements.txt

RUN adduser -D game wheel
RUN setfacl -Rdm u:game:rwx /usr/app/
RUN chown -hR game /usr/app/ && chown -hR game /var/log/
USER game
HEALTHCHECK CMD curl --fail http://localhost:5000 || exit 1

CMD [ "python", "./src/app.py" ]

The intention is to run the container as ‘game’ user. The docker-compose file portion defining this service is this:

server:
    container_name: "server"
    user: game
    build:
      context: .
      dockerfile: ./src/backend/Dockerfile
    volumes:
      - ./src/backend/:/usr/app
    ports:
      - 5000:5000
    depends_on:
      - redis

I am hitting a permissions error trying to access the /usr/app/ directory when running “docker compose up -d” but not when running “docker run” on the server image directly. The question: why those two commands have a different user executing the command? Both should be the game user from the Dockerfile.

What are the docker run parameters you use?

I am using “docker run -it server_image” where server_image is built by the server Dockerfile.

You set a dedicated user in compose but not with docker run. That might be the reason it shows different behavior.