From 00aa212049ee856764880dee6c3990bc3dcebfb4 Mon Sep 17 00:00:00 2001
From: Jack Kingsman <jack.kingsman@gmail.com>
Date: Sun, 22 Feb 2026 12:42:11 -0800
Subject: [PATCH] Add notes about ownership glitches + using prebuilt

---
 Dockerfile          |  2 +-
 README.md           | 24 +++++++++++++++++++++++-
 docker-compose.yaml |  3 ++-
 3 files changed, 26 insertions(+), 3 deletions(-)

diff --git a/Dockerfile b/Dockerfile
index 5ab2f49..f22f31a 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -35,5 +35,5 @@ RUN mkdir -p /app/data
 
 EXPOSE 8000
 
-# Run the application
+# Run the application (we retain root for max compatibility)
 CMD ["uv", "run", "uvicorn", "app.main:app", "--host", "0.0.0.0", "--port", "8000"]
diff --git a/README.md b/README.md
index bd1cee9..042819f 100644
--- a/README.md
+++ b/README.md
@@ -106,6 +106,27 @@ The database is stored in `./data/` (bind-mounted), so the container shares the
 docker compose up -d --build
 ```
 
+To use the prebuilt Docker Hub image instead of building locally, replace:
+
+```yaml
+build: .
+```
+
+with:
+
+```yaml
+image: jkingsman/remoteterm-meshcore:latest
+```
+
+Then run:
+
+```bash
+docker compose pull
+docker compose up -d
+```
+
+The container runs as root by default for maximum serial passthrough compatibility across host setups. On Linux, if you switch between native and Docker runs, `./data` can end up root-owned. If you do not need that compatibility behavior, you can enable the optional `user: "${UID:-1000}:${GID:-1000}"` line in `docker-compose.yaml` to keep ownership aligned with your host user.
+
 To stop:
 
 ```bash
@@ -193,10 +214,11 @@ For Docker Compose, generate the cert and add the volume mounts and command over
 openssl req -x509 -newkey rsa:4096 -keyout key.pem -out cert.pem -days 365 -nodes -subj '/CN=localhost'
 ```
 
-Then add to the `remoteterm` service in `docker-compose.yaml`:
+Then add to the `remoteterm` service in `docker-compose.yaml` (keep your existing `./data:/app/data` mount):
 
 ```yaml
     volumes:
+      - ./data:/app/data
       - ./cert.pem:/app/cert.pem:ro
       - ./key.pem:/app/key.pem:ro
     command: uv run uvicorn app.main:app --host 0.0.0.0 --port 8000 --ssl-keyfile=/app/key.pem --ssl-certfile=/app/cert.pem
diff --git a/docker-compose.yaml b/docker-compose.yaml
index 212ec3e..f0897ac 100644
--- a/docker-compose.yaml
+++ b/docker-compose.yaml
@@ -1,6 +1,8 @@
 services:
   remoteterm:
     build: .
+    # Optional on Linux: run container as your host user to avoid root-owned files in ./data
+    # user: "${UID:-1000}:${GID:-1000}"
     ports:
       - "8000:8000"
     volumes:
@@ -26,4 +28,3 @@ services:
     # devices:
     #   - /dev/ttyUSB0:/dev/ttyUSB0
     restart: unless-stopped
-