Fix docker permission issues (#395)

This PR fixes docker permission issues by first starting as root and
then chown-ing all the volumes. This should fix #388 #389

Dockerfile

@@ -13,7 +13,7 @@ RUN env PUBLIC_VERSION=${VERSION} PUBLIC_API_URL=${BASE_PATH} BASE_PATH=${BASE_P
 FROM ghcr.io/astral-sh/uv:python3.13-trixie-slim AS base 
 
 RUN apt-get update && \
-    apt-get install -y ca-certificates bash libtorrent21 gcc bc locales postgresql media-types mailcap curl gzip unzip tar 7zip bzip2 unar && \
+    apt-get install -y ca-certificates bash libtorrent21 gcc bc locales postgresql media-types mailcap curl gzip unzip tar 7zip bzip2 unar gosu && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
@@ -33,7 +33,6 @@ RUN chown -R mediamanager:mediamanager /app
 
 USER mediamanager
 
-# Set uv cache to a writable home directory and use copy mode for volume compatibility
 ENV UV_CACHE_DIR=/home/mediamanager/.cache/uv \
     UV_LINK_MODE=copy
 
@@ -47,6 +46,7 @@ ARG BASE_PATH=""
 LABEL author="github.com/maxdorninger"
 LABEL version=${VERSION}
 LABEL description="Docker image for MediaManager"
+USER root
 
 ENV PUBLIC_VERSION=${VERSION} \
     CONFIG_DIR="/app/config" \

mediamanager-startup.sh

@@ -145,8 +145,21 @@ else
     echo "Config file found at: $CONFIG_FILE"
 fi
 
+# permission fix
+echo "Ensuring file permissions for mediamanager user..."
+
+chown -R mediamanager:mediamanager "$CONFIG_DIR"
+
+if [ -d "/data" ]; then
+    if [ "$(stat -c '%U' /data)" != "mediamanager" ]; then
+        echo "Fixing ownership of /data (this may take a while for large libraries)..."
+        chown -R mediamanager:mediamanager /data
+    fi
+fi
+
+
 echo "Running DB migrations..."
-uv run alembic upgrade head
+gosu mediamanager uv run alembic upgrade head
 
 echo "Starting MediaManager backend service..."
 echo ""
@@ -161,7 +174,7 @@ DEVELOPMENT_MODE=${MEDIAMANAGER_MISC__DEVELOPMENT:-FALSE}
 PORT=${PORT:-8000}
 if [ "$DEVELOPMENT_MODE" == "TRUE" ]; then
     echo "Development mode is enabled, enabling auto-reload..."
-    uv run fastapi run /app/media_manager/main.py --port "$PORT" --proxy-headers --reload
+    exec gosu mediamanager uv run fastapi run /app/media_manager/main.py --port "$PORT" --proxy-headers --reload
 else
-  uv run fastapi run /app/media_manager/main.py --port "$PORT" --proxy-headers
+    exec gosu mediamanager uv run fastapi run /app/media_manager/main.py --port "$PORT" --proxy-headers
 fi

metadata_relay/Dockerfile

@@ -8,23 +8,25 @@ RUN apt-get update && apt-get install -y ca-certificates && \
     apt-get clean && \
     rm -rf /var/lib/apt/lists/*
 
-# Create a non-root user and group
 RUN groupadd -g 1000 mediamanager && \
     useradd -m -u 1000 -g mediamanager mediamanager
 
 WORKDIR /app
-# Ensure mediamanager owns the app directory
 RUN chown -R mediamanager:mediamanager /app
 
-USER mediamanager
-
-# Set uv cache to a writable home directory and use copy mode for volume compatibility
 ENV UV_CACHE_DIR=/home/mediamanager/.cache/uv \
-    UV_LINK_MODE=copy
+    UV_LINK_MODE=copy \
+    UV_COMPILE_BYTECODE=1
+
+COPY --chown=mediamanager:mediamanager pyproject.toml uv.lock ./
+
+USER mediamanager
+RUN --mount=type=cache,target=/home/mediamanager/.cache/uv,uid=1000,gid=1000 \
+    uv sync --frozen --no-install-project --no-dev
 
 COPY --chown=mediamanager:mediamanager . .
-RUN --mount=type=cache,target=/home/mediamanager/.cache/uv,uid=1000,gid=1000 \
+
-    uv sync --locked
+RUN uv sync --frozen --no-dev
 
 EXPOSE 8000
-CMD ["uv", "run", "fastapi", "run", "/app/main.py"]
+CMD ["uv", "run", "fastapi", "run", "/app/main.py", "--port", "8000", "--proxy-headers"]