diff --git a/deploy/docker-compose.local.yml b/deploy/docker-compose.local.yml
index d404ac0b..5aea78fb 100644
--- a/deploy/docker-compose.local.yml
+++ b/deploy/docker-compose.local.yml
@@ -38,7 +38,7 @@ services:
       - ./data:/app/data
       # Optional: Mount custom config.yaml (uncomment and create the file first)
       # Copy config.example.yaml to config.yaml, modify it, then uncomment:
-      # - ./config.yaml:/app/data/config.yaml:ro
+      # - ./config.yaml:/app/data/config.yaml
     environment:
       # =======================================================================
       # Auto Setup (REQUIRED for Docker deployment)
diff --git a/deploy/docker-compose.yml b/deploy/docker-compose.yml
index acd21fd9..a0bc1a60 100644
--- a/deploy/docker-compose.yml
+++ b/deploy/docker-compose.yml
@@ -30,7 +30,7 @@ services:
       - sub2api_data:/app/data
       # Optional: Mount custom config.yaml (uncomment and create the file first)
       # Copy config.example.yaml to config.yaml, modify it, then uncomment:
-      # - ./config.yaml:/app/data/config.yaml:ro
+      # - ./config.yaml:/app/data/config.yaml
     environment:
       # =======================================================================
       # Auto Setup (REQUIRED for Docker deployment)
diff --git a/deploy/docker-entrypoint.sh b/deploy/docker-entrypoint.sh
index 344429bd..47ab6bf1 100644
--- a/deploy/docker-entrypoint.sh
+++ b/deploy/docker-entrypoint.sh
@@ -6,7 +6,8 @@ set -e
 # preventing the non-root sub2api user from writing files.
 if [ "$(id -u)" = "0" ]; then
     mkdir -p /app/data
-    chown -R sub2api:sub2api /app/data
+    # Use || true to avoid failure on read-only mounted files (e.g. config.yaml:ro)
+    chown -R sub2api:sub2api /app/data 2>/dev/null || true
     # Re-invoke this script as sub2api so the flag-detection below
     # also runs under the correct user.
     exec su-exec sub2api "$0" "$@"