Checkmk Container Persistent data permission denied

Hi all
I’ve been trying to get this fixed for weeks now, and don’t see any light at the end of the tunnel:

running Checkmk Raw Edition 2.4.0p12 as container
Docker on Ubuntu VERSION=“24.04.3 LTS (Noble Numbat)”

my docker-compose.yml (used stack in portainer):

version: ‘3’
services:
checkmk:
image: checkmk/check-mk-raw:2.4.0-latest
container_name: checkmk5240
security_opt:

• no-new-privileges:true
  ports:
• “162:162/udp”
• “514:514/udp”
• “514:514/tcp”
• “6557:6557/tcp”
• “5200:5000/tcp”
• “8000:8000/tcp”
  tmpfs:
• /opt/omd/sites/cmk/tmp:uid=1000,gid=1000
  ulimits:
  nofile: 1024
  environment:
• PUID=1000
• PGID=1000
• MAIL_RELAY_HOST=smtp.office365.com:587
• CMK_SITE_ID=cmk
• CMK_PASSWORD=
• CMK_LIVESTATUS_TCP=on
• TZ=Europe/Berlin
  volumes:
• /etc/localtime:/etc/localtime:ro
• ./bak:/bak
• sites:/omd/sites
  restart: unless-stopped
  privileged: true
  volumes:
  sites:

Container runs healthy w.o. any problems and I’d expect persistent dat in volume ‘sites’ but:
deleting and recreating the container results in:

2025-09-28T07:44:48.733454665Z ### PREPARE POSTFIX (Hostname: 5ac112dcfe53, Relay host: smtp.office365.com:587)
2025-09-28T07:44:48.918159727Z ### STARTING MAIL SERVICES
2025-09-28T07:44:52.989991980Z …done.
2025-09-28T07:44:53.000332933Z Site timezone set to Europe/Berlin
2025-09-28T07:44:53.000365480Z ### STARTING XINETD
2025-09-28T07:44:53.031660682Z * Starting internet superserver xinetd
2025-09-28T07:44:53.033179685Z …done.
2025-09-28T07:44:53.033431601Z ### STARTING SITE
2025-09-28T07:44:53.497133827Z Traceback (most recent call last):
2025-09-28T07:44:53.497180722Z File “/usr/bin/omd”, line 54, in
2025-09-28T07:44:53.497196164Z omdlib.main.main()
2025-09-28T07:44:53.497201856Z File “/omd/versions/2.4.0p12.cre/lib/python3/omdlib/main.py”, line 4819, in main
2025-09-28T07:44:53.498112418Z site = _site_environment(site_name, command)
2025-09-28T07:44:53.498148078Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2025-09-28T07:44:53.498154274Z File “/omd/versions/2.4.0p12.cre/lib/python3/omdlib/main.py”, line 4664, in _site_environment
2025-09-28T07:44:53.498915982Z set_environment(site)
2025-09-28T07:44:53.498930497Z File “/omd/versions/2.4.0p12.cre/lib/python3/omdlib/main.py”, line 1810, in set_environment
2025-09-28T07:44:53.499347516Z with envfile.open() as opened_file:
2025-09-28T07:44:53.499361511Z ^^^^^^^^^^^^^^
2025-09-28T07:44:53.499367251Z File “/omd/versions/2.4.0p12.cre/lib/python3.12/pathlib.py”, line 1013, in open
2025-09-28T07:44:53.499648201Z return io.open(self, mode, buffering, encoding, errors, newline)
2025-09-28T07:44:53.499662129Z ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
2025-09-28T07:44:53.499668021Z PermissionError: [Errno 13] Permission denied: ‘/omd/sites/cmk/etc/environment’

once deleting the volume ‘sites’ the recreation works… (but this isn’t the idea behind persistent, is it?)

Can anyone point me to the right direction, please?

What happens if you setup your docker container as described inside the manual?

thanks for the hint.
actually this brings me to my 2nd problem:

when using the suggested docker-compose, I get :

RROR: Failed to delete user 'cmk': userdel: group cmk not removed because it has other members.
userdel: cmk mail spool (/var/mail/cmk) not found

when removing site cmk (to restore it from a backup)
I might be wrong, but I remember this might be fixed when commenting out the tmpfs, however, it’ll generate performance warnings and/or unhealthy status in portainer.

anywa, without restoring my backup, the permission problem doesn’t seem to occure when using the suggested docker-compose from the manual.

next step:
after commenting out tmpfs, I could rm cmk, and restore my backup,

but since the restore, my permission denied seems to be back:

^^^^^^^
PermissionError: [Errno 13] Permission denied: ‘/omd/sites/cmk/etc/environment’

is it possible that my backup /restore is braking my system?