Skip to content

Fix file permissions on container startup #38

New issue
New issue
Open
Open
Fix file permissions on container startup#38
Labels
agent-discoveredDiscovered by an AI agent during workinfrastructureDeployment, CI/CD, and infrastructure taskspriority: normalStandard maintenance worktype: bugSomething is not working
@mriechers

Description

@mriechers
mriechers
opened on Feb 19, 2026

Bug

Files copied into the Docker transcript-data volume (via docker cp, upload endpoint, or ingest scanner) may retain restrictive host permissions (e.g., rwx------). The container runs as appuser (non-root), which cannot read these files, causing jobs to fail with [Errno 13] Permission denied.

Reproduction

  1. Copy a file with owner-only permissions into the transcript volume
  2. Queue a job referencing that file
  3. Worker fails with Permission denied

Expected

Container startup should ensure /data/transcripts is readable by appuser.

Suggested Fix

Add chmod -R a+r /data/transcripts to entrypoint.sh, or use chown -R appuser:appuser /data/transcripts before dropping to appuser. Alternatively, fix permissions at the point of ingestion (upload endpoint, ingest scanner download).

Context

Discovered during bulk test job creation with 18 transcripts — 4 jobs failed due to this issue.

Metadata

Metadata

Assignees

No one assigned

    Labels

    agent-discoveredDiscovered by an AI agent during workinfrastructureDeployment, CI/CD, and infrastructure taskspriority: normalStandard maintenance worktype: bugSomething is not working

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions