openclaw - 💡(How to fix) Fix [Bug]: Default named-volume mount points at /home/node/.openclaw/workspace and /home/node/.config/openclaw come up root-owned

Bug type

Behavior bug (incorrect output/state without crash)

Beta release blocker

No

Summary

When the bundled docker-compose.yml mount points are backed by Docker named volumes instead of host bind mounts, the workspace and auth-profile-secrets paths come up root:root because only /home/node/.openclaw is pre-created in the image (per #72662). First-run agent commands fail with EACCES: permission denied, open '/home/node/.openclaw/workspace/AGENTS.md'.

Steps to reproduce

Use the upstream docker-compose.yml mount layout (/home/node/.openclaw, /home/node/.openclaw/workspace, /home/node/.config/openclaw) with three named volumes instead of bind mounts. One reproduction without writing a compose file:

SUFFIX=$(date +%s)
docker run --rm \
  -v bugcheck-state-$SUFFIX:/home/node/.openclaw \
  -v bugcheck-workspace-$SUFFIX:/home/node/.openclaw/workspace \
  -v bugcheck-cfg-$SUFFIX:/home/node/.config/openclaw \
  --user root --entrypoint sh \
  ghcr.io/openclaw/openclaw:2026.5.19 \
  -c 'ls -ldn /home/node/.openclaw /home/node/.openclaw/workspace /home/node/.config/openclaw'

Then attempt any first-run agent command that writes to the workspace path (e.g. openclaw onboard, or any agent turn that needs to write AGENTS.md).

Expected behavior

All three mount points are pre-created with node:node ownership before USER node, so Docker named volumes mounted at those paths inherit node:node per Docker's tar heuristic (the same mechanism #72662 relied on for /home/node/.openclaw). First-run agent commands succeed.

Actual behavior

Only the state-dir path (/home/node/.openclaw) inherits node:node. The other two come up root:root 755. Live terminal output from the steps above against ghcr.io/openclaw/openclaw:2026.5.19:

drwx------ 3 1000 1000 4096 May 21 19:34 /home/node/.openclaw
drwxr-xr-x 2    0    0 4096 May 21 19:34 /home/node/.openclaw/workspace
drwxr-xr-x 2    0    0 4096 May 21 19:34 /home/node/.config/openclaw

node is UID 1000. The state path is node:node 700 (PR #72662 fix); the other two are root:root 755. Agent commands that write into /home/node/.openclaw/workspace/... or /home/node/.config/openclaw/... then fail with EACCES.

OpenClaw version

2026.5.19

Operating system

macOS 15 (Darwin 25.5.0) Docker Desktop. The bug is OS-independent — same root-owned mount points on Linux hosts with Docker engine. Reproduces against ghcr.io/openclaw/openclaw:2026.5.19.

Install method

docker (ghcr.io/openclaw/openclaw:2026.5.19) with the upstream docker-compose.yml mount layout, substituting named volumes for the default bind mounts.

Model

N/A — this is a pre-startup ownership issue in the image filesystem, independent of any agent model.

Provider / routing chain

N/A

Additional provider/model setup details

N/A. The reproducing setup needs only Docker and a fresh set of named volumes; no API keys, models, or channel config.

Logs, screenshots, and evidence

Terminal output from docker run against the released ghcr.io/openclaw/openclaw:2026.5.19 image with three fresh named volumes (reproduced 2026-05-21):

$ SUFFIX=$(date +%s)
$ docker run --rm \
    -v bugcheck-state-$SUFFIX:/home/node/.openclaw \
    -v bugcheck-workspace-$SUFFIX:/home/node/.openclaw/workspace \
    -v bugcheck-cfg-$SUFFIX:/home/node/.config/openclaw \
    --user root --entrypoint sh ghcr.io/openclaw/openclaw:2026.5.19 \
    -c 'ls -ldn /home/node/.openclaw /home/node/.openclaw/workspace /home/node/.config/openclaw; id node'

drwx------ 3 1000 1000 4096 May 21 19:34 /home/node/.openclaw
drwxr-xr-x 2    0    0 4096 May 21 19:34 /home/node/.openclaw/workspace
drwxr-xr-x 2    0    0 4096 May 21 19:34 /home/node/.config/openclaw
uid=1000(node) gid=1000(node) groups=1000(node)

The upstream docker-compose.yml declares all three mount points at lines 41-44 (gateway service) and 119-122 (cli service). The official docs at docs/install/docker.md document all three (OPENCLAW_CONFIG_DIR, OPENCLAW_WORKSPACE_DIR, OPENCLAW_AUTH_PROFILE_SECRET_DIR). For bind-mount users the host directory ownership masks the bug. For named-volume users the bug surfaces on every first-run.

Impact and severity

  • Affected: any OpenClaw deployment using Docker named volumes for the documented mount layout. Bind-mount users are unaffected because Docker bind mounts use host directory ownership, which sidesteps the pre-creation requirement.
  • Severity: medium. Blocks first-run of openclaw onboard and any agent turn that writes to workspace or auth-profile-secrets paths until an out-of-band chown is applied to the volumes. Workaround is docker compose run --user root --no-deps --entrypoint sh openclaw-gateway -c 'chown -R node:node /home/node/.openclaw/workspace /home/node/.config/openclaw' after volume creation.
  • Frequency: every first-run of a fresh named-volume deployment (4/4 reproductions; the failure is deterministic).
  • Consequence: failed onboarding and first-agent EACCES until manual fix. Not data-loss, but a hard stop on documented setup.

Additional information

  • Prior art: This extends #72662 (merged 2026-04-27, shipped in 2026.5.18) which pre-created /home/node/.openclaw with the exact same idiom. The fix here is purely additive — apply the same install -d -m 0700 -o node -g node ... pattern to the two remaining default mount paths. Original repro #61279 by another reporter covered only the single-path case; #48072 and #63959 were earlier PR attempts before #72662 landed.
  • Scope: the same approach Vincent Koc used in #72662 — install -d + stat verification before USER node. Plus a matching extension to the structural test in src/dockerfile.test.ts (pre-creates the OpenClaw home before switching to the node user) so future regressions get caught.
  • Backward compatibility: bind-mount users are unaffected; the host directory mount overlays whatever's in the image.
  • Happy to open a PR (mirroring the #72662 pattern) once this is triaged.
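The two checkable halves of this report, as an added example that is not code from the openclaw repository or from the issue author: a scanner that reads a captured `ls -ldn` transcript (the constructed sample below reuses the lines reported above) and lists the mount points that did not inherit the expected uid:gid, and a `stat`-based owner verification of the kind the "install -d + stat verification before USER node" scope bullet describes, wrapped as a pre-flight that can run inside the container and name the root-owned paths instead of letting the first agent turn die with EACCES. The uid/gid (1000:1000) and the three paths are the ones documented on the page; the function and variable names are this example's own.

```shell
#!/bin/sh
# Added example, not part of the openclaw repo or the issue text.
#   mismatched_paths : scan `ls -ldn` output for entries not owned by UID:GID
#   verify_owner     : stat-based owner check for one directory
#   check_mounts     : run verify_owner over every mount point, report all failures
# Values below (uid/gid 1000, the three mount paths) are the ones the page documents.

NODE_UID=1000
NODE_GID=1000
MOUNT_POINTS='/home/node/.openclaw /home/node/.openclaw/workspace /home/node/.config/openclaw'

# Constructed sample: the `ls -ldn` lines reported in the issue.
SAMPLE_LS='drwx------ 3 1000 1000 4096 May 21 19:34 /home/node/.openclaw
drwxr-xr-x 2    0    0 4096 May 21 19:34 /home/node/.openclaw/workspace
drwxr-xr-x 2    0    0 4096 May 21 19:34 /home/node/.config/openclaw'

# mismatched_paths UID GID   (reads `ls -ldn` lines on stdin)
# Prints the path of every entry whose numeric owner is not UID:GID.
mismatched_paths() {
    awk -v uid="$1" -v gid="$2" '$3 != uid || $4 != gid { print $NF }'
}

# owner_of DIR -> prints "uid gid" (GNU stat first, BSD stat as fallback)
owner_of() {
    stat -c '%u %g' "$1" 2>/dev/null || stat -f '%u %g' "$1"
}

# verify_owner DIR UID GID -> 0 if DIR exists and is owned by UID:GID, else 1
verify_owner() {
    dir=$1; want_uid=$2; want_gid=$3
    [ -d "$dir" ] || { echo "missing: $dir" >&2; return 1; }
    set -- $(owner_of "$dir")
    if [ "$1" != "$want_uid" ] || [ "$2" != "$want_gid" ]; then
        echo "bad owner on $dir: ${1:-?}:${2:-?} (expected $want_uid:$want_gid)" >&2
        return 1
    fi
    return 0
}

# check_mounts UID GID DIR... -> 0 only if every DIR passes verify_owner.
# Reports every failing path rather than stopping at the first one.
check_mounts() {
    uid=$1; gid=$2; shift 2
    rc=0
    for d in "$@"; do
        verify_owner "$d" "$uid" "$gid" || rc=1
    done
    return "$rc"
}

# `sh check_mounts.sh --check` inside the container runs the live pre-flight
# (non-zero exit, offending paths on stderr); with no argument it evaluates
# the constructed sample transcript instead.
if [ "${1:-}" = "--check" ]; then
    check_mounts "$NODE_UID" "$NODE_GID" $MOUNT_POINTS
    exit $?
fi
echo "paths not owned by $NODE_UID:$NODE_GID in the sample transcript:"
printf '%s\n' "$SAMPLE_LS" | mismatched_paths "$NODE_UID" "$NODE_GID"
```

Against the sample transcript the scanner reports exactly the two paths the issue names (workspace and the auth-profile-secrets dir) and passes the state dir that #72662 already fixed. Run with `--user root` the pre-flight can sit in front of the `chown` workaround from the severity bullet; run as `node` it simply fails fast on a fresh named-volume deployment.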
