1 files changed, 30 insertions, 2 deletions

diff --git a/docker/entrypoint.sh b/docker/entrypoint.sh
index 80a7fe586..afbc5ef6e 100755
--- a/docker/entrypoint.sh
+++ b/docker/entrypoint.sh
@@ -1,5 +1,33 @@
 #!/bin/sh
 
+# Fix permissions for mounted volumes
+# If /data is mounted from host, it might have different ownership
+# Fix this by ensuring seaweed user owns the directory
+if [ "$(id -u)" = "0" ]; then
+  # Running as root, check and fix permissions if needed
+  SEAWEED_UID=$(id -u seaweed)
+  SEAWEED_GID=$(id -g seaweed)
+  
+  # Verify seaweed user and group exist
+  if [ -z "$SEAWEED_UID" ] || [ -z "$SEAWEED_GID" ]; then
+    echo "Error: 'seaweed' user or group not found. Cannot fix permissions." >&2
+    exit 1
+  fi
+  
+  DATA_UID=$(stat -c '%u' /data 2>/dev/null)
+  DATA_GID=$(stat -c '%g' /data 2>/dev/null)
+  
+  # Only run chown -R if ownership doesn't match (much faster for subsequent starts)
+    echo "Fixing /data ownership for seaweed user (uid=$SEAWEED_UID, gid=$SEAWEED_GID)"
+    if ! chown -R seaweed:seaweed /data; then
+      echo "Warning: Failed to change ownership of /data. This may cause permission errors." >&2
+      echo "If /data is read-only or has mount issues, the application may fail to start." >&2
+    fi
+  
+  # Use su-exec to drop privileges and run as seaweed user
+  exec su-exec seaweed "$0" "$@"
+fi
+
 isArgPassed() {
   arg="$1"
   argWithEqualSign="$1="
@@ -8,10 +36,10 @@ isArgPassed() {
     passedArg="$1"
     shift
     case $passedArg in
-    $arg)
+    "$arg")
       return 0
       ;;
-    $argWithEqualSign*)
+    "$argWithEqualSign"*)
       return 0
       ;;
     esac