The root-drop guard only checked `id -u = 0`, so when the target user was
also root (MEMOS_UID=0, common under rootless Docker with userns-remap)
su-exec re-execed back into root, re-entered the block, and looped forever
without ever reaching the memos binary — the container hung with no logs.
Add a MEMOS_ENTRYPOINT_SWITCHED marker (preserved across the su-exec
re-exec) so the privilege drop runs at most once, and log the resolved
UID:GID on startup so this path is never silent again.
Closes#6061
Fixes#5551
The Docker image now runs as non-root (UID 10001) for security, but this
breaks upgrades from 0.25.3 where data files were owned by root.
Changes:
- Dockerfile: Keep USER as root, install su-exec
- entrypoint.sh: Fix ownership of /var/opt/memos, then drop to non-root
- Supports custom MEMOS_UID/MEMOS_GID env vars for flexibility
This allows seamless upgrades without manual chown on the host.