diff --git a/Dockerfile b/Dockerfile
index ec5f08c..89d6883 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -13,22 +13,23 @@ RUN if [ -f package-lock.json ]; then npm ci --omit=dev; else npm install --prod
 # 复制应用源代码
 COPY . .
 
-# 创建数据库目录
-RUN mkdir -p database
-
-# 设置数据库文件权限
-RUN touch database/shop.db && chmod 666 database/shop.db
-
-# 暴露端口
-EXPOSE 3000
-
 # 创建非root用户
 RUN addgroup -g 1001 -S nodejs
 RUN adduser -S nodejs -u 1001
 
-# 更改目录所有权
-RUN chown -R nodejs:nodejs /app
+# 创建数据库目录并设置权限
+RUN mkdir -p database && \
+ touch database/shop.db && \
+ chown -R nodejs:nodejs /app && \
+ chmod -R 755 /app && \
+ chmod 777 database && \
+ chmod 666 database/shop.db
+
+# 切换到非root用户
 USER nodejs
 
+# 暴露端口
+EXPOSE 3000
+
 # 启动应用
 CMD ["npm", "start"]
\ No newline at end of file
diff --git a/docker-compose.yml b/docker-compose.yml
index d11d6e1..84bd559 100644
--- a/docker-compose.yml
+++ b/docker-compose.yml
@@ -7,16 +7,17 @@ services:
 - "3001:3000"
 environment:
 - NODE_ENV=production
- - PORT=3001
+ - PORT=3000
 # UPay配置 - 生产环境时需要修改这些值
 - UPAY_APP_ID=${UPAY_APP_ID:-M1C40DvS}
 - UPAY_APP_SECRET=${UPAY_APP_SECRET:-a2nqkkqRb09LIe87}
 volumes:
 # 持久化数据库文件
- - ./database:/app/database
+ - ./database:/app/database:rw
 # 持久化上传的图片(如果有)
- - ./public/images:/app/public/images
+ - ./public/images:/app/public/images:rw
 restart: unless-stopped
+ user: "1001:1001"
 healthcheck:
 test: ["CMD", "wget", "--no-verbose", "--tries=1", "--spider", "http://localhost:3000"]
 timeout: 5s
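Review bot: In the Dockerfile hunk, `chmod 777 database` and `chmod 666 database/shop.db` in the new RUN step leave the database directory and file writable by every user in the container, although the same step already hands ownership to `nodejs` and the process runs as that user. Owner-only modes are enough: `chmod 750 database && chmod 640 database/shop.db`. The `chown -R nodejs:nodejs /app` plus `chmod -R 755 /app` pair also lets the runtime user rewrite the application code and its dependencies, and marks every file executable. Limiting the chown to the paths the app writes (`database`, and `public/images` if uploads land there) would keep the code root-owned and read-only to the service. Because docker-compose.yml bind-mounts `./database` over this path, the host directory's ownership and mode apply at runtime rather than these, so the host directory has to be writable by uid 1001.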
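Review bot: In the docker-compose.yml hunk, the context lines for `UPAY_APP_ID` and `UPAY_APP_SECRET` keep `:-` fallback values in the compose file, so a deployment that forgets to set them starts silently with a credential that sits in the repository history. Failing closed is safer: `- UPAY_APP_SECRET=${UPAY_APP_SECRET:?UPAY_APP_SECRET must be set}` (likewise for the app id), with the real value supplied from an untracked `.env` file or a secret store. If the committed value was ever a live key, it should be treated as exposed and rotated. Separately, the added `user: "1001:1001"` works with the two bind mounts only if the host directories `./database` and `./public/images` are writable by uid 1001; the `:rw` suffix is the default and does not change that.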