Permission problems about docker-postfix HOT 8 CLOSED

I figured out what happened and it had nothing to do with your code, sorry.

I copied my /var/lib/docker to another partition using sudo. I should have used a flag to preserve the owner permissions in hindsight, because now all files became owned by root. At first it seemed everything worked okay, but there is an overlay2 folder that keeps the diff for images when a container modifies the files within a container. The result was that certain directories (like \tmp and \var\lib\postfix) now became owned by root inside the image.

I did not realize the problem was on my end, because when I switched between versions of your image the problem disappeared. But this was because the layers of the image are cached in overlay2, so when I tried an image that did not exist previously I got the correct permissions.

So sorry for bothering you. At least now you know that there is a situation in which the permissions inside the container can be different as what is specified in Dockerfile, but it's really an edge case that will not occur under normal usage, so it's not necessary to handle that in your script.

from docker-postfix.

Which version are you running? How are you running the image? Are you using any mounted directories? Do you have SKIP_ROOT_SPOOL_CHOWN set?

from docker-postfix.

The latest (latest-alpine) ARM64 version, sha256:15cb222cf4b8472b1416d7bfcdc97d9eaceb287e3807545504e62d37595fb9e3

I also run it on a AMD64 server, and there I dont see this problem, so it might be possible it only happens on ARM.

The composefile is identical on both systems:

postfix:
    hostname: postfix  
    container_name: postfix
    image: "boky/postfix:latest-alpine"
    environment:
      - "HOSTNAME=XXX"   
      - "TZ=Europe/Amsterdam"
      - "MYNETWORKS=0.0.0.0/0,[::]/0"
      - "ALLOW_EMPTY_SENDER_DOMAINS=true"
      - "RELAYHOST=XXX"
      - "RELAYHOST_USERNAME=XXX"
      - "RELAYHOST_PASSWORD=XXX"
    volumes:
      - "/mnt/data/postfix/etc:/etc/postfix"
      - "/mnt/data/postfix/keys:/etc/opendkim/keys"
      - "/mnt/data/postfix/spool:/var/spool/postfix"      
    ports:
      - 25:25
    networks:
      - web
    dns_search: .
    restart: always
    stop_grace_period: 2m

As you can see I have no SKIP_ROOT_SPOOL_CHOWN set. And this compose file always worked until yesterday when I updated to the new image.

from docker-postfix.

I reverted back to v4.0.2-alpine and it works without any permission problems.

So I am positive this regression in the ARM image was introduced recently. I was especially following latest instead of edge to avoid problems like this.

from docker-postfix.

This is really odd, as there were no changes that would cause this issue.

Are you running into this issue with v4.1.0 as well?

from docker-postfix.

I just tried and v4.1.0 also works fine.

from docker-postfix.

Odd. But since v4.1.0 works I think we can close this ticket. I'd still like to know what caused it, though, to avoid repeats. So if you run into any additional information, please do reopen it.

from docker-postfix.

That is in fact the case, but how is your /tmp/ not writtable?

from docker-postfix.