update: dockerfile ffmpeg permission

Dockerfile

@@ -18,23 +18,27 @@ RUN apt-get update && apt-get install -y \
     imagemagick \
     && rm -rf /var/lib/apt/lists/*
 
-# Create directories with proper permissions
-WORKDIR /app
-RUN mkdir -p /app/resources/{temp_video,audio,fonts,intro} && \
-    mkdir -p /tmp/moviepy && \
-    mkdir -p /tmp/audio_temp && \
-    chmod -R 777 /app/resources && \
-    chmod -R 777 /tmp/moviepy && \
-    chmod -R 777 /tmp/audio_temp && \
-    chmod -R 777 /tmp
+# Create a non-root user
+RUN useradd -m appuser
 
-# Copy and install requirements
-COPY requirements.txt .
-RUN pip3 install -r requirements.txt
+# Set working directory
+WORKDIR /app
 
 # Copy application code
 COPY . .
 
+# Set ownership and permissions
+RUN chown -R appuser:appuser /app && \
+    chown -R appuser:appuser /tmp && \
+    chmod -R 755 /app && \
+    chmod -R 777 /tmp
+
+# Install Python dependencies
+RUN pip3 install --user -r requirements.txt
+
+# Update PATH for user's pip packages
+ENV PATH="/home/appuser/.local/bin:${PATH}"
+
 # Configure ImageMagick with more permissive policy
 RUN mv /etc/ImageMagick-6/policy.xml /etc/ImageMagick-6/policy.xml.bak || true
 RUN echo '<policymap> \
@@ -48,13 +52,8 @@ RUN echo '<policymap> \
     <policy domain="path" rights="read|write" pattern="/tmp/*"/> \
     </policymap>' > /etc/ImageMagick-6/policy.xml
 
-# Set proper permissions for the entire application
-RUN chown -R nobody:nogroup /app && \
-    chmod -R 755 /app && \
-    chmod -R 777 /tmp
-
 # Switch to non-root user
-USER nobody
+USER appuser
 
 EXPOSE 7860
 CMD ["uvicorn", "app:app", "--host", "0.0.0.0", "--port", "7860"]