diff --git a/installer/Dockerfile b/installer/Dockerfile
index 790673d44..34aae093a 100644
--- a/installer/Dockerfile
+++ b/installer/Dockerfile
@@ -47,13 +47,10 @@ ENV MAXKB_VERSION="${DOCKER_IMAGE_TAG} (build at ${BUILD_AT}, commit: ${GITHUB_C
     MAXKB_LOCAL_MODEL_PROTOCOL=http \
     PIP_TARGET=/opt/maxkb/python-packages
 
-
 WORKDIR /opt/maxkb-app
 COPY --from=stage-build /opt/maxkb-app /opt/maxkb-app
 COPY --from=stage-build /opt/py3 /opt/py3
 
-RUN chmod 755 /tmp
-
 EXPOSE 8080
 VOLUME /opt/maxkb
 ENTRYPOINT ["bash", "-c"]
diff --git a/installer/Dockerfile-base b/installer/Dockerfile-base
index 09e659b48..b56de9134 100644
--- a/installer/Dockerfile-base
+++ b/installer/Dockerfile-base
@@ -30,6 +30,7 @@ RUN ln -sf /usr/share/zoneinfo/Asia/Shanghai /etc/localtime && \
     chmod g-xr /usr/local/bin/* /usr/bin/* /bin/* /usr/sbin/* /sbin/* /usr/lib/postgresql/17/bin/* && \
     chmod g+xr /usr/bin/ld.so && \
     chmod g+x /usr/local/bin/python* && \
+    chmod -R g-rwx /tmp /var/tmp /dev/shm /var/lock && \
     apt-get clean all && \
     rm -rf /var/lib/apt/lists/* /usr/share/doc/* /usr/share/man/* /usr/share/info/* /usr/share/locale/* /usr/share/lintian/* /usr/share/linda/* /var/cache/* /var/log/* /var/tmp/* /tmp/*
 COPY --from=vector-model --chmod=700 /opt/maxkb-app/model /opt/maxkb-app/model