fix(install): ensure .openclaw-data ownership for sandbox user (fixes #692) #698

Closed
kagura-agent wants to merge 3 commits into NVIDIA:main from kagura-agent:fix/692-identity-dir-permissions

@kagura-agent (Contributor) commented Mar 23, 2026

Problem

When NemoClaw is installed via the curl installer on Linux, the .openclaw-data directories (including identity/) may be created with root ownership. When openclaw subsequently runs as the sandbox user, it gets EACCES: permission denied trying to write device-auth.json.

gateway connect failed: Error: EACCES: permission denied, open '/sandbox/.openclaw/identity/device-auth.json'

The Docker path handles this correctly (Dockerfile line 52: chown -R sandbox:sandbox), but the native install path lacks an equivalent ownership fix.

Fix

Add a fix_openclaw_data_ownership() function to scripts/nemoclaw-start.sh that runs before gateway startup:

  1. Creates any missing writable subdirectories (mirrors the Dockerfile layout)
  2. Fixes ownership if files are not owned by the current user
  3. Creates the identity symlink if missing on native installs

This only activates when the split layout (.openclaw-data + symlinks) is present, so it's a no-op on setups that don't use this pattern.

Testing

  • Verified script passes bash -n syntax check
  • The fix is defensive: it uses || true for all operations so it won't break existing working setups
  • Docker path is unaffected (ownership is already correct from Dockerfile)

Fixes #692

Summary by CodeRabbit

  • Chores
    • Startup now prepares and normalizes the app data directory to reduce initialization issues.
    • Adds ownership and permission handling to minimize startup failures from inaccessible files.
    • Ensures required writable subdirectories and a valid identity link are present before authentication, improving startup reliability.

…VIDIA#692)

The native curl installer may create .openclaw-data directories as root,
causing EACCES when openclaw (running as the sandbox user) tries to write
device-auth.json to the identity directory.

Add a startup ownership check to nemoclaw-start.sh that:
- Creates any missing writable subdirectories (mirrors Dockerfile setup)
- Fixes ownership if files are not owned by the current user
- Creates the identity symlink if missing on native installs

The Docker path is unaffected (Dockerfile already sets correct ownership).

coderabbitai bot commented Mar 23, 2026

No actionable comments were generated in the recent review. 🎉

📥 Commits

Reviewing files that changed from the base of the PR and between e8e587a and dbc54f6.

📒 Files selected for processing (1)
  • scripts/nemoclaw-start.sh
🚧 Files skipped from review as they are similar to previous changes (1)
  • scripts/nemoclaw-start.sh

📝 Walkthrough

Adds a startup shell function in scripts/nemoclaw-start.sh that prepares ${HOME}/.openclaw-data writable subdirectories, attempts to fix ownership mismatches under that tree to the current UID/GID, and ensures ${HOME}/.openclaw/identity points to the writable identity directory before writing the auth profile.

Changes

| Cohort / File(s) | Summary |
|---|---|
| Startup directory initialization: scripts/nemoclaw-start.sh | Add fix_openclaw_data_ownership() which: creates expected ${HOME}/.openclaw-data subdirs (ignores mkdir errors); detects non-owned files and attempts chown -R to current UID:GID (errors suppressed); ensures ${HOME}/.openclaw/identity symlinks to ${HOME}/.openclaw-data/identity. Invoked before write_auth_profile. |

Estimated code review effort

🎯 3 (Moderate) | ⏱️ ~20 minutes

Poem

🐰 I hop in dawn with whiskers bright,
I fix the folders hidden out of sight,
I nudge the links and change the chore,
So sandbox users open the door,
Permissions mended — hop, delight!

🚥 Pre-merge checks | ✅ 5
✅ Passed checks (5 passed)
| Check name | Status | Explanation |
|---|---|---|
| Description Check | ✅ Passed | Check skipped - CodeRabbit’s high-level summary is enabled. |
| Title check | ✅ Passed | The title accurately describes the main change: fixing ownership issues for .openclaw-data to enable the sandbox user to write necessary files. |
| Linked Issues check | ✅ Passed | The code changes directly address issue #692 by adding ownership and symlink fixes for .openclaw-data and identity, ensuring the runtime user can write device-auth.json. |
| Out of Scope Changes check | ✅ Passed | All changes are scoped to the shell function for ownership/symlink fixes in nemoclaw-start.sh, directly aligned with issue #692 requirements. |
| Docstring Coverage | ✅ Passed | Docstring coverage is 100.00% which is sufficient. The required threshold is 80.00%. |


@coderabbitai coderabbitai bot left a comment

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents
Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@scripts/nemoclaw-start.sh`:
- Around line 151-155: The comment above the ownership-fix block is misleading:
the find invocation in the nemoclaw-start.sh snippet (using -maxdepth 0) only
checks the top-level directory (variable data_dir) rather than any files under
it; either update the comment to say it only checks the directory itself or
change the find behavior to check recursively (remove -maxdepth 0 and test for
any non-owned files under "$data_dir") so chown -R runs when any contained file
is misowned; locate the block referencing data_dir and the find call to apply
the fix.

📥 Commits

Reviewing files that changed from the base of the PR and between c55a309 and 73c1543.

📒 Files selected for processing (1)
  • scripts/nemoclaw-start.sh
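
The three steps in the PR description, combined with the recursive ownership check the review comment asks for, can be sketched as follows. This is an added example, not the PR's code: the function names and return codes are hypothetical, and only the identity subdirectory is created because the page names no others.

```shell
#!/bin/sh
# Added example, not the PR's code. Uses only the paths named on this page.

# Print every path under $1 (the directory itself included) not owned by uid $2.
# find does not follow symlinks by default, so a link is judged by its own owner.
misowned_paths() {
  find "$1" ! -uid "$2" -print 2>/dev/null
}

# Prepare <home>/.openclaw-data/identity and the <home>/.openclaw/identity link.
# Returns 0 if usable (or split layout absent), 1 if ownership or directory
# creation could not be fixed, 2 if the link path holds something unexpected.
prepare_openclaw_data() {
  home_dir=$1
  uid=${2:-$(id -u)}
  gid=${3:-$(id -g)}
  data_dir="$home_dir/.openclaw-data"
  link="$home_dir/.openclaw/identity"

  [ -d "$data_dir" ] || return 0          # no split layout: no-op

  if ! mkdir -p "$data_dir/identity" 2>/dev/null; then
    echo "cannot create $data_dir/identity (parent not writable?)" >&2
    return 1
  fi

  # Recursive check: a -maxdepth 0 test would miss a misowned file inside.
  if [ -n "$(misowned_paths "$data_dir" "$uid")" ]; then
    # -h: change links themselves, never the files they point to.
    # chown's own status is ignored; the re-check below decides the outcome.
    chown -hR "$uid:$gid" "$data_dir" 2>/dev/null || :
    left=$(misowned_paths "$data_dir" "$uid")
    if [ -n "$left" ]; then
      echo "ownership not fixed (needs root?):" >&2
      echo "$left" >&2
      return 1
    fi
  fi

  if [ -L "$link" ]; then
    [ "$(readlink "$link")" = "$data_dir/identity" ] && return 0
    echo "$link points elsewhere; leaving it untouched" >&2
    return 2
  elif [ -e "$link" ]; then
    echo "$link exists and is not a symlink; leaving it untouched" >&2
    return 2
  fi
  mkdir -p "$home_dir/.openclaw" && ln -s "$data_dir/identity" "$link"
}
```

A non-zero return gives the startup script something to log before the gateway fails with EACCES, which a blanket `|| true` would hide.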

Kagura Chen and others added 2 commits March 23, 2026 12:56
@wscurran added labels on Mar 23, 2026: bug (Something isn't working); OpenShell (Support for OpenShell, a safe, private runtime for autonomous AI agents); priority: medium (Issue that should be addressed in upcoming releases)
@wscurran (Contributor)

Thanks for fixing the issue with the ownership of the .openclaw-data directory, this helps improve the functionality of our project.

@kagura-agent (Contributor, Author)

Closing to reduce open PR count — I had too many PRs open, which adds review burden rather than helping. Happy to resubmit if this fix is still wanted.

Successfully merging this pull request may close these issues.

EACCES: permission denied on /sandbox/.openclaw/identity/device-auth.json — curl install on Linux (no sudo in sandbox)
