From 70ac6c132fd0272fa167b9f759a64776dc95a087 Mon Sep 17 00:00:00 2001
From: denshooter <dennis@konkol.net>
Date: Wed, 18 Feb 2026 13:26:27 +0100
Subject: [PATCH] fix: entrypoint script fixes data dir permissions at runtime

Container starts as root, creates data dirs, chowns to nextjs,
then drops to nextjs user via su-exec.

Co-authored-by: Copilot <223556219+Copilot@users.noreply.github.com>
---
 Dockerfile | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index d6887ff..5db73ac 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -28,7 +28,10 @@ COPY --from=builder /app/public ./public
 RUN mkdir -p /app/data/uploads/photos /app/data/uploads/videos /app/data/uploads/music \
   && chown -R nextjs:nodejs /app/data
 
-USER nextjs
+# Entrypoint fixes data dir permissions at runtime (volume mount overrides)
+RUN apk add --no-cache su-exec \
+  && printf '#!/bin/sh\nmkdir -p /app/data/uploads/photos /app/data/uploads/videos /app/data/uploads/music\nchown -R nextjs:nodejs /app/data 2>/dev/null || true\nexec su-exec nextjs node server.js\n' > /app/entrypoint.sh \
+  && chmod +x /app/entrypoint.sh
 
 EXPOSE 3000
-CMD ["node", "server.js"]
+CMD ["/app/entrypoint.sh"]