Skip to content

fix: chown venv to PUID:PGID so ComfyUI Manager can install deps#38

Merged
ductiletoaster merged 3 commits intomainfrom
fix/venv-ownership
Mar 11, 2026
Merged

fix: chown venv to PUID:PGID so ComfyUI Manager can install deps#38
ductiletoaster merged 3 commits intomainfrom
fix/venv-ownership

Conversation

@ductiletoaster
Copy link
Copy Markdown
Member

The venv is created as root during build. When running as PUID:PGID, ComfyUI Manager's uv pip install fails with permission denied when trying to write to site-packages. Adding recursive chown of .venv in the entrypoint (matching the existing pattern for /app/ComfyUI).

Code Review

Description

Please include a summary of the changes including relevant motivation and context. List any dependencies that are required for this change.

Please check the option(s) that are most relevant.

  • Bug fix (non-breaking change which fixes an issue)
  • New feature (non-breaking change which adds functionality)
  • Refactor (non-breaking modification to existing code path)
  • Breaking change (fix or feature that would cause existing functionality to not work as expected)

Testing & Verification

Please describe the tests that you ran to verify your changes.

  • Provide instructions to reproduce with relevant details for your test configuration.
  • Include screenshots and/or videos showing the results of your changes.

The venv is created as root during build. When running as PUID:PGID,
ComfyUI Manager's `uv pip install` fails with permission denied when
trying to write to site-packages. Adding recursive chown of .venv in
the entrypoint (matching the existing pattern for /app/ComfyUI).

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Create the comfy user (UID 1000) at build time and chown all files to
comfy:comfy so they are not root-owned. This is a roll-forward from
the pattern used prior to the gosu refactor.

Changes:
- Create comfy user (APP_UID/APP_GID build args, default 1000) at
  build time instead of dynamically in entrypoint
- COPY --from=builder --chown=comfy:comfy so all files owned by comfy
- chmod -R a+w on venv site-packages so ComfyUI Manager can install
  custom node deps at runtime regardless of the effective UID
- Entrypoint detects non-root and execs directly (K8s fast path)
- Root-mode gosu path unchanged for Docker Compose PUID/PGID users

Deployment modes (no breaking changes):
- Docker Compose: starts as root, PUID/PGID + gosu works as before
- Docker Compose (default): gosu drops to 1000, files already owned
- K8s: securityContext.runAsUser overrides, entrypoint skips gosu

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
Document the dual entrypoint paths (root/gosu for Docker Compose,
non-root for Kubernetes securityContext), build-time comfy user
ownership, and world-writable site-packages for ComfyUI Manager.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
@ductiletoaster ductiletoaster merged commit 20e3777 into main Mar 11, 2026
4 checks passed
@ductiletoaster ductiletoaster deleted the fix/venv-ownership branch March 11, 2026 12:37
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant