Add ability to change user/group for clickhouse-server docker image

This will allow creating files owned by subuid/subgid if docker is
running with userns.
Azat Khuzhin 2020-01-26 19:14:13 +03:00
parent 679e38e336
commit c2a7021e37
2 changed files with 23 additions and 7 deletions

@ -28,7 +28,7 @@ Container exposes 8123 port for [HTTP interface](https://clickhouse.yandex/docs/
ClickHouse configuration represented with a file "config.xml" ([documentation](https://clickhouse.yandex/docs/en/operations/configuration_files/))
### start server instance with custom configuration
### Start server instance with custom configuration
```bash
$ docker run -d --name some-clickhouse-server --ulimit nofile=262144:262144 -v /path/to/your/config.xml:/etc/clickhouse-server/config.xml yandex/clickhouse-server
```
@ -36,10 +36,15 @@ $ docker run -d --name some-clickhouse-server --ulimit nofile=262144:262144 -v /
### Start server as custom user
```
# $(pwd)/data/clickhouse should exist and be owned by current user
$ docker run --rm --user ${UID}:${GID} --name some-clickhouse-server --ulimit nofile=262144:262144 -v "$(pwd)/data/clickhouse:/var/log/clickhouse-server" -v "$(pwd)/data/clickhouse:/var/lib/clickhouse" yandex/clickhouse-server
$ docker run --rm --user ${UID}:${GID} --name some-clickhouse-server --ulimit nofile=262144:262144 -v "$(pwd)/logs/clickhouse:/var/log/clickhouse-server" -v "$(pwd)/data/clickhouse:/var/lib/clickhouse" yandex/clickhouse-server
```
When you use the image with mounting local directories inside you probably would like to not mess your directory tree with files owner and permissions. Then you could use `--user` argument. In this case, you should mount every necessary directory (`/var/lib/clickhouse` and `/var/log/clickhouse-server`) inside the container. Otherwise, image will complain and not start.
### Start server from root (useful in case of userns enabled)
```
$ docker run --rm -e CLICKHOUSE_UID=0 -e CLICKHOUSE_GID=0 --name clickhouse-server-userns -v "$(pwd)/logs/clickhouse:/var/log/clickhouse-server" -v "$(pwd)/data/clickhouse:/var/lib/clickhouse" yandex/clickhouse-server
```
## How to extend this image
If you would like to do additional initialization in an image derived from this one, add one or more `*.sql`, `*.sql.gz`, or `*.sh` scripts under `/docker-entrypoint-initdb.d`. After the entrypoint calls `initdb` it will run any `*.sql` files, run any executable `*.sh` scripts, and source any non-executable `*.sh` scripts found in that directory to do further initialization before starting the service.
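Review bot: the new "Start server from root" section consists of a command only and never says what `CLICKHOUSE_UID=0` / `CLICKHOUSE_GID=0` do. Suggest adding a sentence that the server then runs as uid/gid 0 inside the container and the mounted directories are chowned to that id, that this corresponds to an unprivileged subuid/subgid on the host only when the Docker daemon runs with userns remapping, and that without userns the process is real root. In the custom-user example just above, the comment still names only `$(pwd)/data/clickhouse` although the command now also mounts `$(pwd)/logs/clickhouse`, so that directory should be listed as required too.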

@ -1,17 +1,28 @@
#!/bin/bash
# set some vars
CLICKHOUSE_CONFIG="${CLICKHOUSE_CONFIG:-/etc/clickhouse-server/config.xml}"
DO_CHOWN=1
if [ "$CLICKHOUSE_DO_NOT_CHOWN" = 1 ]; then
DO_CHOWN=0
fi
CLICKHOUSE_UID="${CLICKHOUSE_UID:-"$(id -u clickhouse)"}"
CLICKHOUSE_GID="${CLICKHOUSE_GID:-"$(id -g clickhouse)"}"
# support --user
if [ x"$UID" == x0 ]; then
USER="$(id -u clickhouse)"
GROUP="$(id -g clickhouse)"
USER=$CLICKHOUSE_UID
GROUP=$CLICKHOUSE_GID
gosu="gosu $USER:$GROUP"
else
USER="$(id -u)"
GROUP="$(id -g)"
gosu=""
DO_CHOWN=0
fi
# set some vars
CLICKHOUSE_CONFIG="${CLICKHOUSE_CONFIG:-/etc/clickhouse-server/config.xml}"
# port is needed to check if clickhouse-server is ready for connections
HTTP_PORT="$(clickhouse extract-from-config --config-file $CLICKHOUSE_CONFIG --key=http_port)"
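Review bot: `CLICKHOUSE_UID` and `CLICKHOUSE_GID` are read from the environment and passed into `gosu="gosu $USER:$GROUP"` with no validation, and in the `else` branch (container started with `--user`) they are ignored without any message. Suggest checking both values right after the two assignments and exiting with a clear error if they are not what the script expects, and printing a warning in the `else` branch when either variable is set, so a mistyped or ineffective setting is visible at startup. A short comment on the two new variables next to `DO_CHOWN` would also help, since the README hunk does not describe them.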

@ -41,7 +52,7 @@ do
exit 1
fi
if [ x"$UID" == x0 ] && [ "$CLICKHOUSE_DO_NOT_CHOWN" != "1" ]; then
if [ "$DO_CHOWN" = "1" ]; then
# ensure proper directories permissions
chown -R "$USER:$GROUP" "$dir"
elif [ "$(stat -c %u "$dir")" != "$USER" ]; then
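Review bot: the `elif` on the last line compares `stat -c %u "$dir"`, which always prints a numeric uid, with `$USER`, and after this change `$USER` can come directly from `CLICKHOUSE_UID`. With `CLICKHOUSE_DO_NOT_CHOWN=1` and a user name rather than a number in `CLICKHOUSE_UID`, this check would report a mismatch for a correctly owned directory. Either resolve the value to a numeric id before the loop or state that only numeric ids are accepted. It is also worth a comment at the `chown -R "$USER:$GROUP" "$dir"` line that with `CLICKHOUSE_UID=0` the mounted directories are handed to uid 0, which is the intended userns case.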