diff --git a/Dockerfile b/Dockerfile
index b6bb0e3e..60d01354 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -36,9 +36,9 @@ RUN chmod +x /usr/local/bin/docker-entrypoint.sh
 
 # 📁 创建必要目录并设置权限
 RUN mkdir -p logs data temp && \
-    chown -R claude:nodejs /app logs data temp && \
-    chmod -R 755 /app && \
-    chmod -R 775 logs data temp
+    chown -R claude:nodejs /app && \
+    chmod 755 /app && \
+    chmod 775 logs data temp config
 
 # 🔧 预先创建配置文件避免权限问题
 RUN if [ ! -f "/app/config/config.js" ] && [ -f "/app/config/config.example.js" ]; then \
@@ -47,7 +47,8 @@ RUN if [ ! -f "/app/config/config.js" ] && [ -f "/app/config/config.example.js"
     if [ ! -f "/app/.env" ] && [ -f "/app/.env.example" ]; then \
         cp /app/.env.example /app/.env; \
     fi && \
-    chown claude:nodejs /app/config/config.js /app/.env 2>/dev/null || true
+    chown claude:nodejs /app/config/config.js /app/.env 2>/dev/null || true && \
+    chmod 664 /app/config/config.js /app/.env 2>/dev/null || true
 
 # 🔐 切换到非 root 用户
 USER claude
diff --git a/docker-entrypoint.sh b/docker-entrypoint.sh
index 49ca3b16..03c327e0 100644
--- a/docker-entrypoint.sh
+++ b/docker-entrypoint.sh
@@ -65,6 +65,11 @@ export ENCRYPTION_KEY
 if [ ! -f "/app/data/init.json" ]; then
   echo "📋 首次启动，执行初始化设置..."
   
+  # 调试权限信息
+  echo "🔍 当前用户: $(whoami)"
+  echo "🔍 data 目录权限: $(ls -ld /app/data 2>/dev/null || echo 'directory not found')"
+  echo "🔍 data 目录内容: $(ls -la /app/data 2>/dev/null || echo 'directory empty or not accessible')"
+  
   # 如果设置了环境变量，显示提示
   if [ -n "$ADMIN_USERNAME" ] || [ -n "$ADMIN_PASSWORD" ]; then
     echo "📌 检测到预设的管理员凭据"