From f726587ac61d709d8e9f47fcce2217cb10741894 Mon Sep 17 00:00:00 2001
From: vsecoder
Date: Sat, 18 Apr 2026 22:43:31 +0300
Subject: [PATCH] fix(docker): pre-create /data as dchain user so named volumes inherit ownership
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Running Dockerfile.slim with a fresh named volume crashed on startup: [NODE] open chain: open badger: Error Creating Dir: "/data/chain" error: mkdir /data/chain: permission denied Docker copies the mount-point's directory ownership (from the image) into a new named volume at first attach. In the previous Dockerfile /data was created implicitly by the VOLUME directive, which means it was owned by root — but the container runs as the unprivileged `dchain` user, so it couldn't `mkdir /data/chain` on first boot. Fix: explicitly `mkdir /data && chown dchain:dchain /data` in the same RUN that creates the user, before the VOLUME directive. Fresh volumes now inherit dchain:dchain ownership automatically; no operator-side `docker run --user root chown` workaround needed. Operators already running with a root-owned volume from before this fix need to chown once manually: docker run --rm -v dchain_data:/data --user root alpine \ sh -c 'chown -R 100:101 /data'
Co-Authored-By: Claude Opus 4.7 (1M context)
---
 deploy/prod/Dockerfile.slim | 10 +++++++++-
 1 file changed, 9 insertions(+), 1 deletion(-)

diff --git a/deploy/prod/Dockerfile.slim b/deploy/prod/Dockerfile.slim
index 6b212cc..c5be894 100644
--- a/deploy/prod/Dockerfile.slim
+++ b/deploy/prod/Dockerfile.slim
@@ -46,7 +46,15 @@ RUN apk add --no-cache ca-certificates tzdata
 # Run as unprivileged user by default. Operators can override with --user root
 # if they need to bind privileged ports (shouldn't be necessary behind Caddy).
-RUN addgroup -S dchain && adduser -S -G dchain dchain
+#
+# IMPORTANT: /data must exist + be owned by dchain BEFORE the VOLUME
+# directive. Docker copies the directory ownership of the mount point
+# into any fresh named volume at first-attach time; skip this and
+# operators get "mkdir: permission denied" when the node tries to
+# create /data/chain as the dchain user.
+RUN addgroup -S dchain && adduser -S -G dchain dchain \
+ && mkdir -p /data \
+ && chown dchain:dchain /data
 COPY --from=builder /bin/node /usr/local/bin/node
 COPY --from=builder /bin/client /usr/local/bin/client
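Review bot: The new `RUN` line still lets `addgroup -S` / `adduser -S` choose the numeric IDs, while the commit message tells operators to repair old volumes with `chown -R 100:101 /data`. A named volume keeps ownership as numbers, so if a base-image or package change shifts the allocated IDs, existing volumes stop matching the `dchain` account or match a different one. Pinning the IDs makes the image and the documented workaround agree: `RUN addgroup -S -g 101 dchain && adduser -S -u 100 -G dchain dchain \`. `mkdir -p /data` also leaves the directory at the default mode; if the node keeps key material under /data (not visible here, so this is an assumption), adding `&& chmod 0700 /data` to the same `RUN` would keep it unreadable to other UIDs in the container. The `VOLUME` and `USER` directives the comment relies on are outside the hunk.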