fix: 修复非 root 用户启动

docker/310.Dockerfile

@@ -68,7 +68,7 @@ RUN set -x && \
   rm -rf /etc/apt/apt.conf.d/docker-clean && \
   ulimit -c 0
 
-RUN mkdir -p ${QL_DIR} && \
+RUN mkdir -p ${QL_DIR} ${QL_DIR}/data && \
   chown -R ${QL_UID}:${QL_GID} ${QL_DIR}
 
 USER qinglong

docker/Dockerfile

@@ -69,7 +69,7 @@ RUN set -x && \
   rm -rf /etc/apt/apt.conf.d/docker-clean && \
   ulimit -c 0
 
-RUN mkdir -p ${QL_DIR} && \
+RUN mkdir -p ${QL_DIR} ${QL_DIR}/data && \
   chown -R ${QL_UID}:${QL_GID} ${QL_DIR}
 
 USER qinglong

docker/docker-entrypoint.sh

@@ -15,9 +15,68 @@ log_with_style() {
   printf "\n[%s] [%7s]  %s\n" "${timestamp}" "${level}" "${message}"
 }
 
+# ============================================
+# 确保当前用户对 /ql 和 /ql/data 目录有写入权限
+# /ql/data 是 Docker Volume 挂载点，权限可能与 /ql 不同，需单独检测
+# ============================================
+ensure_ql_permissions() {
+  local current_uid
+  local current_gid
+  current_uid=$(id -u)
+  current_gid=$(id -g)
+
+  if [ "$current_uid" -eq 0 ]; then
+    return 0
+  fi
+
+  # ---- 检查 /ql 目录 ----
+  if ! mkdir -p "$QL_DIR/.tmp" 2>/dev/null; then
+    if chown -R "$current_uid:$current_gid" "$QL_DIR" 2>/dev/null; then
+      log_with_style "INFO" "已修正 /ql 目录权限: UID=$current_uid GID=$current_gid"
+    else
+      local ql_owner
+      ql_owner=$(stat -c '%u' "$QL_DIR" 2>/dev/null || stat -f '%u' "$QL_DIR" 2>/dev/null)
+      log_with_style "ERROR" "============================================="
+      log_with_style "ERROR" "  权限错误：无法写入 /ql 目录"
+      log_with_style "ERROR" "  当前用户 UID: $current_uid"
+      log_with_style "ERROR" "  /ql 目录所有者 UID: ${ql_owner:-未知}"
+      log_with_style "ERROR" ""
+      log_with_style "ERROR" "  解决方案："
+      log_with_style "ERROR" "  1. 使用镜像内置用户: docker run --user ${ql_owner:-5432}:${ql_owner:-5432} ..."
+      log_with_style "ERROR" "  2. 使用 root 运行: 移除 --user 参数"
+      log_with_style "ERROR" "  3. 修正宿主机数据目录: chown -R $current_uid:$current_gid /path/to/ql/data"
+      log_with_style "ERROR" "============================================="
+      exit 1
+    fi
+  fi
+  rmdir "$QL_DIR/.tmp" 2>/dev/null || true
+
+  # ---- 检查 /ql/data 目录（Volume 挂载点，不在用户数据卷内创建临时文件） ----
+  if [ ! -w "$QL_DIR/data" ] || [ ! -x "$QL_DIR/data" ]; then
+    if chown "$current_uid:$current_gid" "$QL_DIR/data" 2>/dev/null; then
+      log_with_style "INFO" "已修正 /ql/data 目录权限: UID=$current_uid GID=$current_gid"
+      if [ ! -w "$QL_DIR/data" ] || [ ! -x "$QL_DIR/data" ]; then
+        log_with_style "ERROR" "修正后仍无法写入 /ql/data，请检查挂载的数据卷权限"
+        log_with_style "ERROR" "确保宿主机目录: chown -R $current_uid:$current_gid /your/data"
+        exit 1
+      fi
+    else
+      local data_owner
+      data_owner=$(stat -c '%u' "$QL_DIR/data" 2>/dev/null || stat -f '%u' "$QL_DIR/data" 2>/dev/null)
+      log_with_style "ERROR" "============================================="
+      log_with_style "ERROR" "  权限错误：无法写入 /ql/data (Volume 挂载点)"
+      log_with_style "ERROR" "  当前用户 UID: $current_uid"
+      log_with_style "ERROR" "  /ql/data 所有者 UID: ${data_owner:-未知}"
+      log_with_style "ERROR" ""
+      log_with_style "ERROR" "  请修正宿主机数据目录权限："
+      log_with_style "ERROR" "  chown -R $current_uid:$current_gid /your/ql/data"
+      log_with_style "ERROR" "============================================="
+      exit 1
+    fi
+  fi
+}
+
 # Fix DNS resolution issues in Alpine Linux
-# Alpine uses musl libc which has known DNS resolver issues with certain domains
-# Adding ndots:0 prevents unnecessary search domain appending
 if [ -f /etc/alpine-release ]; then
   if ! grep -q "^options ndots:0" /etc/resolv.conf 2>/dev/null; then
     echo "options ndots:0" >> /etc/resolv.conf
@@ -35,6 +94,15 @@ if ! grep -qE '^::1[[:space:]]+.*localhost' /etc/hosts 2>/dev/null; then
   log_with_style "INFO" "🔧  0. 已添加 IPv6 localhost 解析"
 fi
 
+# 在一切操作之前检查目录权限
+ensure_ql_permissions
+
+# Dockerfile 中 HOME=/root，非 root 用户无法写入
+# 将 HOME 修正为临时目录，PM2/npm/pip 等工具的运行时数据无需持久化
+if [ ! -w "$HOME" ]; then
+  export HOME="$QL_DIR/.tmp"
+fi
+
 log_with_style "INFO" "🚀  1. 检测配置文件..."
 load_ql_envs
 export_ql_envs