Skip to content

Fix API non-root permission issues#22

Merged
platzhersh merged 1 commit intomainfrom
claude/fix-api-non-root-permissions-GfC7M
Jan 4, 2026
Merged

Fix API non-root permission issues#22
platzhersh merged 1 commit intomainfrom
claude/fix-api-non-root-permissions-GfC7M

Conversation

@platzhersh
Copy link
Owner

@platzhersh platzhersh commented Jan 4, 2026

The Prisma query engine binary in site-packages was not accessible to the non-root appuser, causing "Not connected to the query engine" errors. Add chmod to grant read/execute permissions to the prisma package directory.

Summary by CodeRabbit

  • Chores
    • Improved container filesystem ownership for database engine components to ensure proper access during initialization and runtime, enhancing startup reliability and consistency across deployments while preserving existing permissions and security controls.

✏️ Tip: You can customize this high-level summary in your review settings.

@coderabbitai
Copy link

coderabbitai bot commented Jan 4, 2026

Walkthrough

Adds a second recursive chown in api/Dockerfile to assign ownership of the Prisma query engine binary directory under site-packages to the non-root app user, in addition to the existing chown on /app.

Changes

Cohort / File(s) Summary
Dockerfile: Prisma binary ownership
api/Dockerfile
Adds a second chown -R <user>:<group> targeting the Prisma query engine directory in site-packages so the non-root app user owns the Prisma binary directory (in addition to existing /app ownership change).

Estimated code review effort

🎯 1 (Trivial) | ⏱️ ~2 minutes

Possibly related PRs

Poem

🐰 I hopped through layers, light and small,

Found a binary waiting behind a wall,
Changed its owner with a careful paw,
Now Prisma wakes and hums with awe,
Hooray — containers purr and all! 🥕

Pre-merge checks and finishing touches

✅ Passed checks (3 passed)
Check name Status Explanation
Description Check ✅ Passed Check skipped - CodeRabbit’s high-level summary is enabled.
Title check ✅ Passed The title 'Fix API non-root permission issues' directly relates to the main change: fixing permission issues for a non-root user to access the Prisma query engine in the Dockerfile.
Docstring Coverage ✅ Passed No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.
✨ Finishing touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Post copyable unit tests in a comment
  • Commit unit tests in branch claude/fix-api-non-root-permissions-GfC7M

📜 Recent review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 36eb8c7 and aa41c72.

📒 Files selected for processing (1)
  • api/Dockerfile
🚧 Files skipped from review as they are similar to previous changes (1)
  • api/Dockerfile

Comment @coderabbitai help to get the list of available commands and usage tips.

Copy link

@coderabbitai coderabbitai bot left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Actionable comments posted: 1

📜 Review details

Configuration used: Organization UI

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 5fdaa2c and 36eb8c7.

📒 Files selected for processing (1)
  • api/Dockerfile

The Prisma query engine binary in site-packages was not accessible
to the non-root appuser, causing "Not connected to the query engine"
errors. Use chown with a glob pattern to transfer ownership of the
prisma package directory to appuser, avoiding hardcoded Python version
and world-readable permissions.
@platzhersh platzhersh force-pushed the claude/fix-api-non-root-permissions-GfC7M branch from 36eb8c7 to aa41c72 Compare January 4, 2026 21:01
@platzhersh platzhersh merged commit c18287d into main Jan 4, 2026
2 checks passed
@platzhersh platzhersh deleted the claude/fix-api-non-root-permissions-GfC7M branch January 4, 2026 21:03
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants

Comments