Hi, I have a question and hope one of you can give me the decisive tip.
I have a freshly installed Debian 12 server here.
Now I want to install BareMetal Traefik 3.5.2 on it.
So far, so good.
The problem starts as soon as I try to run the Systemd service for the Traefik proxy with the dedicated unprivileged user traefik.
It always fails with the same error message:
“command traefik error: stat /etc/traefik/traefik.yml: permission denied”,‘time’:“2025-09-24T15:23:24+02:00”
I believe I have checked all permissions.
1. File permissions
ls -ld /etc -> drwxr-xr-x ... root root (correct)ls -ld /etc/traefik -> drwxr-x--- ... traefik traefik (correct after chmod g+x)ls -l /etc/traefik/traefik.yml -> -rw-r----- ... traefik traefik (correct)
2. Searched for appamor=DENIED in the journal, no messages
3. ACL package is not installed, so no ACLs are active
To rule out systemd as the cause, I tried direct access:
sudo -u traefik head -n 1 /etc/traefik/traefik.yml
Result: permission denied.
I even went so far as to open it for everyone with chmod 644. Result: Permission Denied.
Even with hardening removed, no change.
User recreated, rights redistributed.
Finally, a strace result: [pid 7555] openat(..., “/etc/traefik/traefik.yml”, O_RDONLY) = -1 EACCES (Permission denied)
So the kernel itself is denying access.
And now I'm at my wit's end. I don't understand why.
I hope one of you can help me.