From fa2029b1cb6b55e74295c39f2b00f32ead0fe72f Mon Sep 17 00:00:00 2001
From: James Kolpack <james.kolpack@gmail.com>
Date: Thu, 19 Mar 2026 21:44:23 -0400
Subject: [PATCH] Enhance Dockerfile to create a writable workspace under
 /srv/LeafWeb and update piscal_manager.sh to check for write permissions on
 working directories.

---
 Dockerfile                       | 7 +++++++
 piscal-manager/piscal_manager.sh | 6 +++++-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/Dockerfile b/Dockerfile
index 29425d1..2caaa84 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -67,6 +67,13 @@ RUN set -xe \
 RUN set -xe \
 	&& mkdir /run/sshd
 
+# Ensure the job/workspace base under /srv is writable.
+# The client uses `/srv/${PiscalDirectoryName}/input` and `PiscalDirectoryName`
+# can itself be prefixed with `LeafWeb/...`.
+RUN set -xe \
+	&& mkdir -p /srv/LeafWeb \
+	&& chown -R ${SSH_USERNAME}:${SSH_GROUP} /srv/LeafWeb
+
 # Create storage directory structure with proper ownership
 RUN set -xe \
 	&& mkdir -p ${STORAGE_PATH}/input \
diff --git a/piscal-manager/piscal_manager.sh b/piscal-manager/piscal_manager.sh
index 1a9af66..83c6d55 100755
--- a/piscal-manager/piscal_manager.sh
+++ b/piscal-manager/piscal_manager.sh
@@ -88,7 +88,7 @@ for candidate in \
     "$PWD/$directory_name" \
     "/srv/$directory_name"
 do
-    if [ -d "$candidate/$input_directory_name" ]; then
+    if [ -d "$candidate/$input_directory_name" ] && [ -w "$candidate" ]; then
         working_directory="$candidate"
         break
     fi
@@ -109,6 +109,10 @@ if [ "$task" = "launch" ] || [ "$task" = "get_status" ] || [ "$task" = "get_stat
         echo "working directory $working_directory not found"
         exit 1
     fi
+    if [ ! -w "$working_directory" ]; then
+        echo "working directory $working_directory is not writable"
+        exit 1
+    fi
     if [ ! -d "$input_directory" ]; then
         echo "input directory $input_directory not found"
         exit 1