jason/wfh
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

fix: create /app/data after COPY steps to prevent permission clobber

Browse Source 
The mkdir was running before the standalone COPY, which could overwrite
/app/data contents or permissions. Move it to after all COPY statements
and use chmod 700 so only nextjs owns and can write the SQLite data dir.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
jason
2026-03-13 00:38:50 -05:00
parent 716b37c6f2
commit b1fa70eba4
1 changed files with 3 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
Dockerfile
View File

@@ -34,9 +34,6 @@ ENV DATABASE_URL="file:/app/data/dev.db"
RUN addgroup --system --gid 1001 nodejs
RUN adduser --system --uid 1001 nextjs
# Create data directory for SQLite and set permissions
RUN mkdir -p /app/data && chown nextjs:nodejs /app/data
COPY --from=builder /app/public ./public
# Set the correct permission for prerender cache
@@ -49,6 +46,9 @@ COPY --from=builder --chown=nextjs:nodejs /app/.next/static ./.next/static
COPY --from=builder --chown=nextjs:nodejs /app/prisma ./prisma
COPY --from=deps --chown=nextjs:nodejs /app/node_modules ./node_modules
# Create data directory AFTER all copies so permissions are never clobbered
RUN mkdir -p /app/data && chown nextjs:nodejs /app/data && chmod 700 /app/data
USER nextjs
EXPOSE 3000