@@ -117,18 +117,21 @@ setup_nonroot_user() {
117117 ln -sfn /root/.aws " $CLAUDE_HOME /.aws"
118118 fi
119119
120- # Handle any additional volumes mounted via -v flag
121- # These would be in /root/* and need symlinks too
122- # We'll handle common ones that users might mount
123- for item in .ssh .docker .terraform.d .kube .gitconfig .npmrc; do
124- if [ -e " /root/$item " ; then
125- echo " [entrypoint] linking $item (user-mounted)"
126- if [ -d " /root/$item " ; then
127- chmod -R 755 " /root/$item " 2> /dev/null || true
128- else
129- chmod 644 " /root/$item " 2> /dev/null || true
130- fi
131- ln -sfn " /root/$item " " $CLAUDE_HOME /$item "
120+ # Handle user-mounted volumes in /root/*
121+ # Users are responsible for setting appropriate permissions on mounted volumes
122+ # We only create symlinks without modifying permissions
123+ for item in /root/.* ; do
124+ if [ -e " $item " && [ " $item " != " /root/." && [ " $item " != " /root/.." ; then
125+ basename_item=$( basename " $item " )
126+ case " $basename_item " in
127+ .claude | .aws | .config)
128+ continue
129+ ;;
130+ * )
131+ echo " [entrypoint] linking $basename_item (user-mounted, preserving permissions)"
132+ ln -sfn " $item " " $CLAUDE_HOME /$basename_item "
133+ ;;
134+ esac
132135 fi
133136 done
134137}
@@ -138,44 +141,44 @@ build_gosu_env_cmd() {
138141 # Usage: build_gosu_env_cmd <user> <command> [args...]
139142 local user=" $1 "
140143 shift
141-
144+
142145 # Start with gosu user env
143146 local -a cmd=(gosu " $user "
144-
147+
145148 # Always set HOME and PATH
146149 cmd+=(" HOME=$CLAUDE_HOME " " PATH=$PATH "
147-
150+
148151 # Pass through proxy settings
149152 [ -n " $HTTP_PROXY " && cmd+=(" HTTP_PROXY=$HTTP_PROXY "
150153 [ -n " $HTTPS_PROXY " && cmd+=(" HTTPS_PROXY=$HTTPS_PROXY "
151154 [ -n " $NO_PROXY " && cmd+=(" NO_PROXY=$NO_PROXY "
152-
155+
153156 # Pass through Anthropic settings
154157 [ -n " $ANTHROPIC_MODEL " && cmd+=(" ANTHROPIC_MODEL=$ANTHROPIC_MODEL "
155158 [ -n " $ANTHROPIC_API_KEY " && cmd+=(" ANTHROPIC_API_KEY=$ANTHROPIC_API_KEY "
156-
159+
157160 # Pass through AWS credentials for Bedrock
158161 [ -n " $AWS_ACCESS_KEY_ID " && cmd+=(" AWS_ACCESS_KEY_ID=$AWS_ACCESS_KEY_ID "
159162 [ -n " $AWS_SECRET_ACCESS_KEY " && cmd+=(" AWS_SECRET_ACCESS_KEY=$AWS_SECRET_ACCESS_KEY "
160163 [ -n " $AWS_SESSION_TOKEN " && cmd+=(" AWS_SESSION_TOKEN=$AWS_SESSION_TOKEN "
161164 [ -n " $AWS_REGION " && cmd+=(" AWS_REGION=$AWS_REGION "
162165 [ -n " $AWS_DEFAULT_REGION " && cmd+=(" AWS_DEFAULT_REGION=$AWS_DEFAULT_REGION "
163166 [ -n " $AWS_PROFILE " && cmd+=(" AWS_PROFILE=$AWS_PROFILE "
164-
167+
165168 # Pass through Google Cloud settings for Vertex AI
166169 [ -n " $GOOGLE_APPLICATION_CREDENTIALS " && cmd+=(" GOOGLE_APPLICATION_CREDENTIALS=$GOOGLE_APPLICATION_CREDENTIALS "
167170 [ -n " $GOOGLE_CLOUD_PROJECT " && cmd+=(" GOOGLE_CLOUD_PROJECT=$GOOGLE_CLOUD_PROJECT "
168-
171+
169172 # Pass through Claude Code specific settings
170173 [ -n " $CLAUDE_CODE_USE_BEDROCK " && cmd+=(" CLAUDE_CODE_USE_BEDROCK=$CLAUDE_CODE_USE_BEDROCK "
171174 [ -n " $CLAUDE_CODE_USE_VERTEX " && cmd+=(" CLAUDE_CODE_USE_VERTEX=$CLAUDE_CODE_USE_VERTEX "
172175 [ -n " $CLAUDE_CODE_MAX_OUTPUT_TOKENS " && cmd+=(" CLAUDE_CODE_MAX_OUTPUT_TOKENS=$CLAUDE_CODE_MAX_OUTPUT_TOKENS "
173176 [ -n " $ANTHROPIC_SMALL_FAST_MODEL " && cmd+=(" ANTHROPIC_SMALL_FAST_MODEL=$ANTHROPIC_SMALL_FAST_MODEL "
174177 [ -n " $DISABLE_TELEMETRY " && cmd+=(" DISABLE_TELEMETRY=$DISABLE_TELEMETRY "
175-
178+
176179 # Add the actual command and its arguments
177180 cmd+=(" $@ "
178-
181+
179182 # Execute the command
180183 exec " ${cmd[@]} "
181184}
0 commit comments