writeTextFileAtomic (sync) crashes with EPERM on Docker volumes mounted from Windows

[StbanMc]

Bug description

The synchronous writeTextFileAtomic function calls fs.chmodSync() without a try/catch, which throws EPERM: operation not permitted, chmod when running inside a Docker container with a volume mounted from a Windows host (e.g., via Docker Desktop with WSL2).

This prevents the gateway from starting or writing config/auth files on Windows+Docker setups.

Environment

• Host OS: Windows 11 (Docker Desktop with WSL2)
• Container: openclaw:local (Node.js, Linux)
• Version: 2026.3.11
• Volume mount: Windows directory → /home/node/.openclaw

Root cause

The async version of the file writer correctly wraps chmod in try/catch:

// Async version (correct) — handles EPERM gracefully
try {
    await fs.chmod(tmp, mode);
} catch {}
await fs.rename(tmp, filePath);
try {
    await fs.chmod(filePath, mode);
} catch {}

But the sync version does not:

// Sync version (broken) — throws on Docker/Windows volumes
function writeTextFileAtomic(pathname, value, mode = 384) {
    ensureDirForFile(pathname);
    const tempPath = `${pathname}.tmp-${process.pid}-${Date.now()}`;
    fs.writeFileSync(tempPath, value, "utf8");
    fs.chmodSync(tempPath, mode);   // ← EPERM here
    fs.renameSync(tempPath, pathname);
}

On Docker volumes mounted from Windows (NTFS/CIFS), chmod is not supported and throws EPERM. The async version already handles this — the sync version should too.

Error output

EPERM: operation not permitted, chmod '/home/node/.openclaw/agents/main/agent/auth-profiles.json'

Suggested fix

Wrap fs.chmodSync in a try/catch, consistent with the async version:

function writeTextFileAtomic(pathname, value, mode = 384) {
    ensureDirForFile(pathname);
    const tempPath = `${pathname}.tmp-${process.pid}-${Date.now()}`;
    fs.writeFileSync(tempPath, value, "utf8");
    try { fs.chmodSync(tempPath, mode); } catch {}
    fs.renameSync(tempPath, pathname);
}

Impact

• Blocks all Windows + Docker Desktop users from running the gateway
• Affects any auth/config file write that uses the sync path
• Easy fix, already solved in the async counterpart

[openclaw-barnacle]

This issue has been automatically marked as stale due to inactivity.
Please add updates or it will be closed.

[clawsweeper]

ClawSweeper status: review started.

I am starting a fresh review of this issue: writeTextFileAtomic (sync) crashes with EPERM on Docker volumes mounted from Windows This is item 1/1 in the current shard. Shard 11/35.

This placeholder means the worker is alive and reading the current context. I will edit this same comment with the actual review when the claws are done clicking.

Crustacean status: shell secured, claws on keyboard, evidence pebbles being sorted.

[StbanMc]

Status update — still present in 2026.5.7

I've validated this against the latest release (2026.5.7) on a Windows 11 + Docker Desktop with WSL2 setup.

The bug is still present in the code. The writeTextFileAtomic function in dist/shared-*.js remains unchanged from the description above:

function writeTextFileAtomic(pathname, value, mode = 384) {
    ensureDirForFile(pathname);
    const tempPath = `${pathname}.tmp-${process.pid}-${Date.now()}`;
    fs.writeFileSync(tempPath, value, "utf8");
    fs.chmodSync(tempPath, mode);   // still no try/catch
    fs.renameSync(tempPath, pathname);
}

Why my setup doesn't reproduce it (but the fix is still needed)

A direct repro test (fs.chmodSync(file, 0o600) on a file inside the mounted volume) succeeds for me without throwing. The reason is the volume mount type:

C:\ on /home/node/.openclaw type 9p (rw,noatime,aname=drvfs;path=C:\;
    metadata;cache=5;access=client;...)

The metadata flag in drvfs is what allows POSIX-style permissions to be emulated over NTFS in modern Docker Desktop + WSL2 backends. Without that flag (older Docker Desktop versions, WSL1, plain CIFS mounts, network shares, certain CI runners), chmod returns EPERM exactly as originally reported.

Suggested action

The async/sync inconsistency is still real and the proposed one-liner fix in the original report is still the right move:

try { fs.chmodSync(tempPath, mode); } catch {}

It's already the pattern used in the async counterpart, so applying it preserves consistency and unblocks any user whose mount doesn't support chmod.

Please don't close as stale — issue is not resolved, just not triggered on every setup.