diff --git a/Dockerfile b/Dockerfile
index a1062d4..0359e97 100644
--- a/Dockerfile
+++ b/Dockerfile
@@ -69,9 +69,11 @@ RUN apk add --no-cache ca-certificates tzdata && \
     rm -rf /var/cache/apk/*
 WORKDIR /app
 COPY --from=builder /out/server /app/server
-# 确保二进制文件有执行权限
-RUN chmod +x /app/server && ls -la /app/server
+# 设置文件所有者和执行权限（在切换用户之前）
+RUN chown appuser:appuser /app/server && chmod +x /app/server
+# 创建必要的目录
+RUN mkdir -p /app/storage/export /app/log && \
+    chown -R appuser:appuser /app/storage /app/log
 EXPOSE 8077
-# 暂时使用 root 用户运行，排查权限问题
-# USER appuser:appuser
+USER appuser:appuser
 ENTRYPOINT ["/app/server"]
diff --git a/log/server-20251220.log b/log/server-20251220.log
new file mode 100644
index 0000000..0c4efff
--- /dev/null
+++ b/log/server-20251220.log
@@ -0,0 +1,10 @@
+connecting YMT MySQL: lsxd-read.rwlb.rds.aliyuncs.com:3306 db merketing user merketing
+connecting Marketing MySQL: market-read-only.rwlb.cn-chengdu.rds.aliyuncs.com:3306 db market user market_root
+connecting Meta MySQL (templates/jobs): 47.97.27.195:3306 db merketing user root
+connecting Marketing Authorization MySQL: market-read-only.rwlb.cn-chengdu.rds.aliyuncs.com:3306 db authorization
+connecting Marketing Reseller MySQL: market-read-only.rwlb.cn-chengdu.rds.aliyuncs.com:3306 db reseller
+gRPC server address: 121.41.108.37:30900
+gRPC user client connected to 121.41.108.37:30900
+[服务启动] 开始恢复未完成的导出任务...
+server listening on  :8077
+[任务恢复] 没有需要恢复的任务
diff --git a/scripts/deploy_docker.sh b/scripts/deploy_docker.sh
index 37e0099..c9b7409 100755
--- a/scripts/deploy_docker.sh
+++ b/scripts/deploy_docker.sh
@@ -57,7 +57,10 @@ docker run -d \
   --name "$CID_NAME" \
   --restart unless-stopped \
   -p "$PORT:8077" \
-  -v "$ROOT_DIR:/app" \
+  -v "$ROOT_DIR/storage:/app/storage" \
+  -v "$ROOT_DIR/log:/app/log" \
+  -v "$ROOT_DIR/server/config.yaml:/app/config.yaml:ro" \
+  -e CONFIG_PATH=/app/config.yaml \
   "$USE_IMAGE"
 echo "container: $CID_NAME image: $USE_IMAGE port: $PORT"