Hello, I have setup keila using a Docker container (non-root) and imported some contacts using the API. Unfortunately after creating a campaign, no e-mails are sent and I see (about a million) errors in docker log popping up:

Last message: :check_if_time_to_update
12:29:14.582 [error] GenServer :tzdata_release_updater terminating
** (File.Error) could not write to file "/opt/app/lib/tzdata-1.1.1/priv/latest_remote_poll.txt": permission denied
    (elixir 1.15.7) lib/file.ex:1117: File.write!/3
    (tzdata 1.1.1) lib/tzdata/data_loader.ex:43: Tzdata.DataLoader.last_modified_of_latest_available/1
    (tzdata 1.1.1) lib/tzdata/release_updater.ex:81: Tzdata.ReleaseUpdater.loaded_tzdata_matches_remote_last_modified?/0
    (tzdata 1.1.1) lib/tzdata/release_updater.ex:42: Tzdata.ReleaseUpdater.poll_for_update/0
    (tzdata 1.1.1) lib/tzdata/release_updater.ex:19: Tzdata.ReleaseUpdater.handle_info/2
    (stdlib 5.2) gen_server.erl:1095: :gen_server.try_handle_info/3
    (stdlib 5.2) gen_server.erl:1183: :gen_server.handle_msg/6
    (stdlib 5.2) proc_lib.erl:241: :proc_lib.init_p_do_apply/3
Last message: :check_if_time_to_update

Is this something I can fix?
Can this be the root cause why my test-campaigns are not sent?

Keila doesn’t need to be root, but it needs to be able to write to /opt/app. If you don’t see any other errors, this might be the reason for it.

So your advice is to fix this in the container now manually and every time a new keila release is available?

The permissions now look like

~$ docker exec -ti keila-keila-1 sh
~ $ cd /opt/app/lib/tzdata-1.1.1/priv/
~/lib/tzdata-1.1.1/priv $ ls -la
total 4
drwxr-xr-x    1 default  root            76 Jan 24 09:37 .
drwxr-xr-x    1 default  root            30 Jan 24 09:37 ..
-rw-r--r--    1 default  root             9 Jan 24 09:37 latest_remote_poll.txt
drwxr-xr-x    1 default  root            42 Jan 24 09:37 release_ets
drwxr-xr-x    1 default  root             6 Jan 24 09:37 tmp_downloads

Oh, so you were using the official Keila image? Sorry, I had assumed from your initial comment that you had created your own image.

Yes, I use official Keila image.

And you’re running it just as is - or did you make any modifications?

Can you try getting in the console and running this command?

Tzdata.DataLoader.download_new

And you’re running it just as is - or did you make any modifications?

We have set up the container according to docs and have only changed the username to not having it run as root.

Ah, that might be the problem, then. Could you try using the user default instead of your custom user?

Is there another way? Unfortunately our process is not so...easy to "just" change the user in production environment.

Keila needs write access to some of the priv directories in /opt/app, so changing the user in the container is expected to break things. If you want to change the user (e.g. because you absolutely want to use a certain UID), you’ll also have to change the permissions/ownership in /opt/app.

It's common practice to have containers running as any user. Keila should not require a specific username to be available on the host system. Will break things for many people.

The specific user doesn’t need to exist on the host system, though.

If you want a specific local user mapped to the default user in the Keila container, you could look at the relevant options from your container runtime. You can find instructions for Docker specifically here: https://docs.docker.com/engine/security/userns-remap/

Fixed by removing user line in docker-compose.yml and restarting container.