
#11333: fix(docker): align host directory ownership with container user

by liuxiaopai-ai open 2026-02-07 18:18
docker stale
## Summary

The Docker container runs as `node` (uid 1000, gid 1000), but `docker-setup.sh` creates the config and workspace directories on the host without adjusting ownership. When the host user is root (common on Linux servers), the mounted directories are owned by `root:root`, causing `EACCES` errors when the container tries to write config files, extensions, or workspace data.

## Root Cause

`docker-setup.sh` runs:

```bash
mkdir -p "$OPENCLAW_CONFIG_DIR"
mkdir -p "$OPENCLAW_WORKSPACE_DIR"
```

These directories inherit the host user's uid/gid (often root). The Dockerfile then runs:

```dockerfile
USER node # uid 1000, gid 1000
```

Result: the container cannot write to its own config/workspace mounts.

## Fix

Add `chown` after `mkdir` to align directory ownership with the container user:

- **Root host user**: `chown` is mandatory and will always succeed
- **Non-root host user**: `chown` is best-effort (may already match, or may lack permission — either way the script continues)
- **Custom setups** (rootless Podman, remapped uids): Override via `OPENCLAW_CONTAINER_UID` / `OPENCLAW_CONTAINER_GID` env vars

## Changes

- `docker-setup.sh`: 15 lines added after `mkdir` calls

## Testing

Verified the script passes `shellcheck` and `bash -n` syntax checks. The fix matches the workaround confirmed working by multiple users in the issue thread (`chown -R 1000:1000 "$HOME/.openclaw"`).

Closes #5434

<!-- greptile_comment -->
<h2>Greptile Overview</h2>
<h3>Greptile Summary</h3>

This PR updates `docker-setup.sh` to `chown` the host config and workspace directories to match the container's `node` user (uid/gid 1000 by default, overridable via env vars), preventing `EACCES` when those host paths are bind-mounted into the container. One issue to address before merge: the ownership adjustment is not recursive, so pre-existing root-owned contents under these directories can still cause `EACCES` even though the top-level directories are fixed.

<h3>Confidence Score: 4/5</h3>

- Mostly safe to merge, but may not fully fix the reported EACCES scenario when directories already contain root-owned contents.
- Change is localized and straightforward, but using non-recursive `chown` can leave existing files/subdirectories with wrong ownership, so the primary bug may persist for common setups that have already run the container once as root-owned mounts.
- docker-setup.sh

<!-- greptile_other_comments_section -->
<!-- /greptile_comment -->
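The ownership alignment the PR describes, written out as an added shell example (this is not the PR's patch, which is not shown on this page). It uses the env var names from the description (`OPENCLAW_CONTAINER_UID` / `OPENCLAW_CONTAINER_GID`, defaulting to 1000:1000), applies the root/non-root distinction from the Fix section, and adds an optional recursive mode based on the `chown -R` workaround quoted from the issue thread, which addresses the Greptile point about pre-existing root-owned contents. The helper names `align_ownership`, `owner_uid` and `ownership_matches` are introduced here and are not part of `docker-setup.sh`.

```shell
#!/usr/bin/env bash
# Added example, not the patch from PR #11333: create a host bind-mount directory and
# align its ownership with the container's user, following the PR's description.
# Assumptions: OPENCLAW_CONTAINER_UID / OPENCLAW_CONTAINER_GID are the PR's override
# names and default to 1000:1000 (the Dockerfile's `node` user); align_ownership,
# owner_uid and ownership_matches are helper names introduced here only.

# Print the numeric owner uid of a path (GNU stat first, BSD stat as fallback).
owner_uid() {
  stat -c '%u' "$1" 2>/dev/null || stat -f '%u' "$1"
}

# align_ownership DIR [recursive]
# Creates DIR if missing and chowns it to the container uid:gid. With "recursive",
# existing contents are fixed too (the `chown -R` workaround from the issue thread),
# which covers mounts that already hold root-owned files from an earlier run.
align_ownership() {
  local dir="$1"
  local mode="${2:-toplevel}"
  local uid="${OPENCLAW_CONTAINER_UID:-1000}"
  local gid="${OPENCLAW_CONTAINER_GID:-1000}"
  local recursive_flag=""
  if [ "$mode" = recursive ]; then
    recursive_flag="yes"
  fi

  mkdir -p "$dir" || return 1

  # ${recursive_flag:+-R} expands to -R only when recursive mode was requested.
  if [ "$(id -u)" -eq 0 ]; then
    # Root host user: the chown must succeed, so a failure is reported as an error.
    chown ${recursive_flag:+-R} "$uid:$gid" "$dir"
  else
    # Non-root host user: best effort. The directory may already be owned by this
    # user, or chown may be refused; either way the setup continues.
    chown ${recursive_flag:+-R} "$uid:$gid" "$dir" 2>/dev/null || true
  fi
}

# Post-setup check: does DIR now belong to the container uid? Returns non-zero if not,
# which is the condition that produces EACCES once the container starts writing.
ownership_matches() {
  [ "$(owner_uid "$1")" = "${OPENCLAW_CONTAINER_UID:-1000}" ]
}
```

In a setup script the two calls would be `align_ownership "$OPENCLAW_CONFIG_DIR"` and `align_ownership "$OPENCLAW_WORKSPACE_DIR" recursive`, followed by `ownership_matches` on each path to surface a mismatch at setup time rather than as a runtime `EACCES` inside the container.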
