Skip to content

fix: create logs dir and run as non-root in Dockerfile.multi#2

Merged
gummigudm merged 1 commit into
mainfrom
fix/dockerfile-logs-permission
Jun 29, 2026
Merged

fix: create logs dir and run as non-root in Dockerfile.multi#2
gummigudm merged 1 commit into
mainfrom
fix/dockerfile-logs-permission

Conversation

@gummigudm

Copy link
Copy Markdown
Collaborator

Summary

  • Pre-creates /app/api/logs/ directory owned by the node user in the final Docker stage
  • Adds USER node so the container runs as non-root (defense-in-depth, required by AKS pod security)

Context

Winston's file-stream-rotator tries to mkdir /app/api/logs/ at startup. Under AKS pod security (runAsNonRoot), this fails with EACCES: permission denied. The public upstream image either runs as root or has the directory pre-created — our fork needs it explicitly.

Test plan

  • Merge and let ACR publish workflow build the new image
  • Swap creditinfo dev helm values to crgenaiazaiorchswcmgmt.azurecr.io/librechat-azai:latest
  • Verify pod starts without EACCES error

🤖 Generated with Claude Code

The winston file-stream-rotator tries to mkdir /app/api/logs at startup.
When the container runs as a non-root UID (enforced by AKS pod security),
this fails with EACCES. Pre-create the directory owned by the node user
and switch to USER node for defense-in-depth.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@gummigudm gummigudm merged commit 4eb9918 into main Jun 29, 2026
2 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant