Document Docker volume permissions for OAuth storage

[Copilot]

When using OAuth token persistence with Docker, the container's nonroot user (UID 65532) cannot write to host-mounted volumes created with root ownership, causing sqlite3.OperationalError: unable to open database file.

Changes

• Quick Start section: Added permission note after docker-compose example with specific error message and fix command
• Docker Deployment section: Added "Volume Permissions for OAuth Storage" subsection explaining:
  • Root cause: nonroot user vs. root-owned volume mount
  • When it occurs: host directory created by Docker at container start
  • Solution: sudo chown -R 65532:65532 ./data/oauth
  • Environment-dependency caveat

# Create the directory if it doesn't exist
mkdir -p ./data/oauth

# Set ownership to UID 65532 (nonroot user)
sudo chown -R 65532:65532 ./data/oauth

Original prompt

---

This section details on the original issue you should resolve

<issue_title>Update README with Docker volume permissions guidance for OAuth storage</issue_title>
<issue_description>## Problem

When using Docker with OAuth token persistence, users may encounter permission issues where the container cannot write to the mounted volume at ./data/oauth.

This happens because:

• The container runs as the nonroot user (UID 65532)
• When Docker creates the volume mount from the host, it may have root:root ownership
• The nonroot user cannot write to the directory, causing sqlite3.OperationalError: unable to open database file

Solution

Users need to set the correct ownership on the host directory before starting the container:

sudo chown -R 65532:65532 ./data/oauth

Requested Changes

Update the README.md Docker deployment section to include a note about volume permissions:

1. Add a troubleshooting section or note in the Docker Compose example
2. Explain that the directory should be owned by UID 65532 (nonroot user)
3. Provide the chown command as a solution
4. Mention this is environment-dependent and may not be needed on all systems

Example Documentation Addition

**Note on Volume Permissions**: If you encounter permission errors when the container tries to write to the OAuth storage directory, you may need to set the correct ownership:

\`\`\`bash
sudo chown -R 65532:65532 ./data/oauth
\`\`\`

This ensures the nonroot user (UID 65532) in the container can write to the mounted volume.

Related

• Issue Add persistent storage backend for OAuth client tokens #47 (OAuth token persistence implementation)
• Affects Docker deployments only, not local installations</issue_description>

Comments on the Issue (you are @copilot in this section)

• Fixes Update README with Docker volume permissions guidance for OAuth storage #53

---

✨ Let Copilot coding agent set things up for you — coding agent works faster and does higher quality work when set up for your repo.

[coderabbitai]

Important

Review skipped

Bot user detected.

To trigger a single review, invoke the @coderabbitai review command.

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}