fix: chown venv to PUID:PGID so ComfyUI Manager can install deps#38
Merged
ductiletoaster merged 3 commits intomainfrom Mar 11, 2026
Merged
fix: chown venv to PUID:PGID so ComfyUI Manager can install deps#38ductiletoaster merged 3 commits intomainfrom
ductiletoaster merged 3 commits intomainfrom
Conversation
The venv is created as root during build. When running as PUID:PGID, ComfyUI Manager's `uv pip install` fails with permission denied when trying to write to site-packages. Adding recursive chown of .venv in the entrypoint (matching the existing pattern for /app/ComfyUI). Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ductiletoaster
force-pushed
the
fix/venv-ownership
branch
from
a65e997 to
61656da
Compare
Create the comfy user (UID 1000) at build time and chown all files to comfy:comfy so they are not root-owned. This is a roll-forward from the pattern used prior to the gosu refactor. Changes: - Create comfy user (APP_UID/APP_GID build args, default 1000) at build time instead of dynamically in entrypoint - COPY --from=builder --chown=comfy:comfy so all files owned by comfy - chmod -R a+w on venv site-packages so ComfyUI Manager can install custom node deps at runtime regardless of the effective UID - Entrypoint detects non-root and execs directly (K8s fast path) - Root-mode gosu path unchanged for Docker Compose PUID/PGID users Deployment modes (no breaking changes): - Docker Compose: starts as root, PUID/PGID + gosu works as before - Docker Compose (default): gosu drops to 1000, files already owned - K8s: securityContext.runAsUser overrides, entrypoint skips gosu Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
ductiletoaster
force-pushed
the
fix/venv-ownership
branch
from
61656da to
ff21c2a
Compare
Document the dual entrypoint paths (root/gosu for Docker Compose, non-root for Kubernetes securityContext), build-time comfy user ownership, and world-writable site-packages for ComfyUI Manager. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
The venv is created as root during build. When running as PUID:PGID, ComfyUI Manager's
uv pip installfails with permission denied when trying to write to site-packages. Adding recursive chown of .venv in the entrypoint (matching the existing pattern for /app/ComfyUI).Code Review
Description
Please include a summary of the changes including relevant motivation and context. List any dependencies that are required for this change.
Please check the option(s) that are most relevant.
Testing & Verification
Please describe the tests that you ran to verify your changes.