From 13cc4bf2e58f5981355365285b34022fcbec781e Mon Sep 17 00:00:00 2001
From: Henrik Jess Nielsen <lrihni@egmont.com>
Date: Sat, 9 May 2026 16:40:36 +0200
Subject: [PATCH] Fix Dockerfile: create /data as root before switching to
 appuser
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

mkdir /data was running after USER appuser — no permission to write to /.
Move mkdir + chown into the same RUN layer before USER switch.
---
 Dockerfile | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 365b035..d1bbd8d 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -9,13 +9,12 @@ RUN pip install --no-cache-dir -r requirements.txt
 # Copy app
 COPY app/ app/
 
-# Non-root user
-RUN useradd -r -u 1001 appuser && chown -R appuser /app
+# Data dir (will be bind-mounted read-only in production) + non-root user
+RUN mkdir -p /data && \
+    useradd -r -u 1001 appuser && \
+    chown -R appuser /app /data
 USER appuser
 
-# Data dir (will be bind-mounted read-only in production)
-RUN mkdir -p /data
-
 EXPOSE 8001
 
 ENV PORT=8001