[Bug]: Security: The "langflow-data" directory permissions are too permissive

[mpawlow]

OpenRAG Version

0.4.0

Deployment Method

uv add (installed in project)

Operating System

Ubuntu 24.04 + Podman

Python Version

Python 3.13.12

Affected Area

Infrastructure

Bug Description

• Security: The "langflow-data" directory permissions are too permissive.

Two Locations

• Added chmod 777 langflow-data to the ensure-langflow-data Makefile target so all make dev-* targets pre-create the directory with world-writable permissions, matching the behaviour already present in test-ci
• Added pre-creation of the Langflow data directory with os.chmod(0o777) in setup_host_directories() so the TUI (uvx openrag) path no longer relies on Docker/Podman to create the directory on-the-fly with incorrect ownership

Steps to Reproduce

• N/A

Expected Behavior

• Langflow to continue to properly use the volume mount to the langflow-data directory with less permissive permissions (e.g. 755)

Actual Behavior

• langflow-data directory has permissive permissions (e.g. 777)

Relevant Logs

• N/A

Screenshots

• N/A

Additional Context

• Related Issues: [Bug]: Langflow service is stopping a few seconds after starting the services #1233, [Bug]: Langflow flow edits are not persisting after restart. #1127
• Work-around was implemented to bypass limitations / idiosyncrasies with file ownership / permissions when creating volume mounts on MacOS

Checklist

• I have searched existing issues to ensure this bug hasn't been reported before.
• I have provided all the requested information.

[mpawlow]

CC @lucaseduoli