Skip to content

Commit c18287d

Browse files
platzhershclaude
platzhersh
and
claude
authored
Fix API non-root permission issues (#22)
fix: grant non-root user access to Prisma query engine in Docker The Prisma query engine binary in site-packages was not accessible to the non-root appuser, causing "Not connected to the query engine" errors. Use chown with a glob pattern to transfer ownership of the prisma package directory to appuser, avoiding hardcoded Python version and world-readable permissions. Co-authored-by: Claude <noreply@anthropic.com>
1 parent 5fdaa2c commit c18287d

File tree

1 file changed

+3
-1
lines changed

1 file changed

+3
-1
lines changed

api/Dockerfile

Lines changed: 3 additions & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -22,7 +22,9 @@ RUN prisma generate
2222
# Create non-root user for security
2323
RUN groupadd --gid 1000 appgroup && \
2424
useradd --uid 1000 --gid appgroup --shell /bin/bash --create-home appuser && \
25-
chown -R appuser:appgroup /app
25+
chown -R appuser:appgroup /app && \
26+
# Grant non-root user ownership of Prisma query engine binary in site-packages
27+
chown -R appuser:appgroup /usr/local/lib/python*/site-packages/prisma/
2628

2729
USER appuser
2830

0 commit comments

Comments
 (0)