From 329916e1f6a135a7331633b467a706b682ef7f5b Mon Sep 17 00:00:00 2001
From: hailin
Date: Thu, 26 Feb 2026 12:00:02 -0800
Subject: [PATCH] fix: correct SSH key permissions in agent-service container

Mount host key to /tmp/host-ssh-key (read-only), then copy to appuser's .ssh directory with correct ownership at container start. Fixes "Permission denied" due to uid mismatch on bind mount.

Co-Authored-By: Claude Opus 4.6
---
 Dockerfile.service | 4 +++-
 deploy/docker/docker-compose.yml | 2 +-
 2 files changed, 4 insertions(+), 2 deletions(-)

diff --git a/Dockerfile.service b/Dockerfile.service
index 3960769..83ddb8a 100644
--- a/Dockerfile.service
+++ b/Dockerfile.service
@@ -92,4 +92,6 @@ EXPOSE ${SERVICE_PORT}
 ENV SERVICE_NAME=${SERVICE_NAME}
 ENV NODE_OPTIONS="--experimental-global-webcrypto"
 ENV SHELL=/bin/bash
-CMD node dist/services/${SERVICE_NAME}/src/main
+
+# Entrypoint: copy host-mounted SSH key with correct ownership, then start service
+CMD sh -c 'if [ -f /tmp/host-ssh-key ]; then cp /tmp/host-ssh-key /home/appuser/.ssh/id_ed25519 && chmod 600 /home/appuser/.ssh/id_ed25519; fi && node dist/services/${SERVICE_NAME}/src/main'
diff --git a/deploy/docker/docker-compose.yml b/deploy/docker/docker-compose.yml
index 1ee226e..4cd49a5 100644
--- a/deploy/docker/docker-compose.yml
+++ b/deploy/docker/docker-compose.yml
@@ -122,7 +122,7 @@ services:
 - ${HOME}/.claude:/home/appuser/.claude
 - ${HOME}/.claude.json:/home/appuser/.claude.json
 - claude_tenants:/data/claude-tenants
- - ${HOME}/.ssh/id_ed25519:/home/appuser/.ssh/id_ed25519:ro
+ - ${HOME}/.ssh/id_ed25519:/tmp/host-ssh-key:ro
 environment:
 - DB_HOST=postgres
 - DB_PORT=5432
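Review bot: Nothing in the new CMD sets ownership, although the commit message describes copying the key "with correct ownership": `cp` followed by `chmod 600` leaves the copy owned by whichever user the CMD runs as. The USER directive is outside this hunk, so this needs confirming: as appuser, `cp` has to read a 0600 file owned by the host uid and would presumably fail the same way the bind mount did, and the `&&` chain then keeps node from starting without any message; as root, the copy succeeds but the service itself also runs as root. If the copy has to run as root, I would do it with `install -o appuser -g appuser -m 600 /tmp/host-ssh-key /home/appuser/.ssh/id_ed25519` and drop privileges before starting node. I would also start the service with `exec node dist/services/${SERVICE_NAME}/src/main` so node replaces the shell and receives the stop signal directly.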
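Review bot: The key mounted on the changed volumes line is still the host user's personal `${HOME}/.ssh/id_ed25519`, so agent-service can authenticate as that user wherever the key is accepted. With the Dockerfile change, a second copy of it also sits in the container's writable layer until the container is removed. A dedicated key limited to what the service needs would narrow what a compromise of the service exposes; the path could come from a variable, e.g. `- ${AGENT_SSH_KEY_PATH:?set AGENT_SSH_KEY_PATH}:/tmp/host-ssh-key:ro` (the variable name is a placeholder). With this short bind syntax Docker also creates a directory at the host path when the file is missing, in which case the `-f` test in the CMD is false and the service starts without a key and without a warning. The service definition this volumes list belongs to starts above the hunk.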