fix: auto-fix permission issues when upgrading from 0.25.3 to 0.26.0

Fixes #5551

The Docker image now runs as non-root (UID 10001) for security, but this
breaks upgrades from 0.25.3 where data files were owned by root.

Changes:
- Dockerfile: Keep USER as root, install su-exec
- entrypoint.sh: Fix ownership of /var/opt/memos, then drop to non-root
- Supports custom MEMOS_UID/MEMOS_GID env vars for flexibility

This allows seamless upgrades without manual chown on the host.

scripts/Dockerfile

@@ -29,7 +29,7 @@ RUN --mount=type=cache,target=/go/pkg/mod \
 FROM alpine:3.21 AS monolithic
 
 # Install runtime dependencies and create non-root user in single layer
-RUN apk add --no-cache tzdata ca-certificates && \
+RUN apk add --no-cache tzdata ca-certificates su-exec && \
     addgroup -g 10001 -S nonroot && \
     adduser -u 10001 -S -G nonroot -h /var/opt/memos nonroot && \
     mkdir -p /var/opt/memos /usr/local/memos && \
@@ -39,8 +39,8 @@ RUN apk add --no-cache tzdata ca-certificates && \
 COPY --from=backend /backend-build/memos /usr/local/memos/memos
 COPY --from=backend --chmod=755 /backend-build/scripts/entrypoint.sh /usr/local/memos/entrypoint.sh
 
-# Switch to non-root user
-USER nonroot:nonroot
+# Run as root to fix permissions, entrypoint will drop to nonroot
+USER root
 
 # Set working directory to the writable volume
 WORKDIR /var/opt/memos

scripts/entrypoint.sh

 #!/usr/bin/env sh
 
+# Fix ownership of data directory for users upgrading from older versions
+# where files were created as root
+MEMOS_UID=${MEMOS_UID:-10001}
+MEMOS_GID=${MEMOS_GID:-10001}
+DATA_DIR="/var/opt/memos"
+
+if [ "$(id -u)" = "0" ]; then
+    # Running as root, fix permissions and drop to nonroot
+    if [ -d "$DATA_DIR" ]; then
+        chown -R "$MEMOS_UID:$MEMOS_GID" "$DATA_DIR" 2>/dev/null || true
+    fi
+    exec su-exec "$MEMOS_UID:$MEMOS_GID" "$0" "$@"
+fi
+
 file_env() {
    var="$1"
    fileVar="${var}_FILE"