From 8fcdf6105f884ca0ee1ab34fbbd5aa7a3afd71f0 Mon Sep 17 00:00:00 2001
From: milan-berri
Date: Fri, 30 Jan 2026 05:04:59 +0200
Subject: [PATCH] fix: run prisma generate as nobody user in non-root container (#20000)

Fixes permission error where prisma generate fails with 'Permission denied' when trying to write schema.prisma in non-root containers. The issue was that prisma generate was running as root before switching to nobody user, causing generated files to be owned by root:root. Moving prisma generate after USER nobody ensures files are owned by nobody:nobody and can be written to during runtime. Fixes #19859
---
 docker/Dockerfile.non_root | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/docker/Dockerfile.non_root b/docker/Dockerfile.non_root
index 8c795f3b17..48109d81a2 100644
--- a/docker/Dockerfile.non_root
+++ b/docker/Dockerfile.non_root
@@ -170,12 +170,14 @@ RUN sed -i 's/\r$//' docker/entrypoint.sh && \
 [ -n "$LITELLM_PROXY_EXTRAS_PATH" ] && chmod -R g+w $LITELLM_PROXY_EXTRAS_PATH || true && \
 chmod -R g+rX $PRISMA_PATH && \
 chmod -R g+rX /app/.cache && \
- mkdir -p /tmp/.npm /nonexistent /.npm && \
- prisma generate
+ mkdir -p /tmp/.npm /nonexistent /.npm
 
 # Switch to non-root user for runtime
 USER nobody
 
+# Generate Prisma client as nobody user to ensure correct file ownership
+RUN prisma generate
+
 # Prisma runtime knobs for offline containers
 ENV PRISMA_SKIP_POSTINSTALL_GENERATE=1 \
 PRISMA_HIDE_UPDATE_MESSAGE=1 \
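Review bot: Running `RUN prisma generate` after `USER nobody` leaves the generated Prisma client owned by, and writable to, the same account the proxy runs as, so a compromised process could rewrite code it later loads; the commit message names runtime writability as the goal. If only `schema.prisma` has to be written at runtime (the error in the description names that file), it would be tighter to keep generation under root and grant write on that single path, consistent with the read-only `chmod -R g+rX $PRISMA_PATH` a few lines above. At minimum the new comment should record the trade-off, e.g. `# NOTE: generated client is owned and writable by the runtime user (needed for runtime regeneration, see #19859)`. The hunk does not show whether `/tmp/.npm`, `/nonexistent` and `/.npm` are made writable for nobody, which this build step presumably now depends on; the enclosing RUN starts above the hunk and the ENV continues below it.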