Description
I ran into some difficulty getting this image to work after migrating my docker deployment to enable user namespace remapping. Specifically, with user namespace remapping enabled, you also have to set `BAIKAL_SKIP_CHOWN=""`, or else the `/docker-entrypoint.d/40-fix-baikal-file-permissions.sh` script will result in a bunch of `Operation not permitted` errors and cause the container to die prematurely (because user `dockremap` is not root, and so is not allowed to chown anything).
To be clear, I am grateful we have the `BAIKAL_SKIP_CHOWN` option. It looks like this script was originally added in #99 as an improvement on #98, which was introduced to make it easier to dynamically switch between one web server backend and another (e.g., httpd to nginx).
Since user namespace remapping is a sensible security measure for Docker deployments (and is explicitly suggested as a workaround to #118), I think it might be good to make this permissions fix script opt-in, rather than opt-out—maybe perform a permissions check for it at startup, and then print a message to the log on how to enable it?
In any case, I don't think this is logic that should be executed by default every single time you spin up the container.
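
The opt-in startup check proposed above, sketched as an added example (not part of the original issue and not the project's own code). `BAIKAL_FIX_PERMISSIONS` is a hypothetical variable name, and the directory and UID are supplied by the caller rather than taken from the image.

```shell
#!/bin/sh
# Added example, not the image's own entrypoint script.
# BAIKAL_FIX_PERMISSIONS is a hypothetical opt-in variable (assumption).

# Prints one status word on stdout: ok | skipped | fixed | fix-failed.
# Log lines go to stderr. Always returns 0 so startup is never aborted.
check_data_ownership() {
    dir=$1
    want_uid=$2

    # Read-only check: count entries not owned by the expected UID.
    # This needs no privilege, so it also works under userns-remap.
    bad=$(find "$dir" ! -user "$want_uid" 2>/dev/null | wc -l | tr -d ' ')
    if [ "$bad" -eq 0 ]; then
        echo ok
        return 0
    fi

    # Default path: report the mismatch and explain how to opt in.
    if [ "${BAIKAL_FIX_PERMISSIONS:-}" != "1" ]; then
        echo "WARN: $bad entries under $dir are not owned by UID $want_uid." >&2
        echo "WARN: set BAIKAL_FIX_PERMISSIONS=1 to chown them at startup." >&2
        echo skipped
        return 0
    fi

    # Opt-in path: attempt the fix, but treat a refused chown
    # ("Operation not permitted") as a warning instead of dying.
    if chown -R "$want_uid" "$dir" 2>/dev/null; then
        echo fixed
    else
        echo "WARN: chown of $dir was not permitted; continuing." >&2
        echo fix-failed
    fi
    return 0
}

# Demo on a constructed temporary tree owned by the current user.
demo_dir=$(mktemp -d)
touch "$demo_dir/db.sqlite"
check_data_ownership "$demo_dir" "$(id -u)"
rm -rf "$demo_dir"
```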