fix(mail): chown zpush state on pod start — root-owned files break sync

A root-run z-push-admin (kubectl exec defaults to root) left a root-owned 'users' file on the state PVC; Apache runs as www-data, so every request 500'd with 'Not possible to write to the configured state directory'. An initContainer now normalizes ownership on every start (state is disposable, ownership isn't precious), and the docs say to exec z-push-admin as www-data.
2026-06-12 15:46:31 +02:00
parent b6c98e2a65
commit 4b71b5751f
2 changed files with 18 additions and 2 deletions
@@ -184,8 +184,11 @@ curl -k -i -X OPTIONS https://mail.dezky.local/Microsoft-Server-ActiveSync
 curl -k -i -u user@tenant.tld:app-password -X OPTIONS \
  https://mail.dezky.local/Microsoft-Server-ActiveSync

-# Per-device sync state
-docker exec dezky-zpush php /usr/share/z-push/z-push-admin.php -a list
+# Per-device sync state. ALWAYS run as www-data — a root-run z-push-admin
+# leaves root-owned state files that 500 every request ("Not possible to
+# write to the configured state directory"). The prod pod has an
+# initContainer that re-chowns the state dir on start as a backstop.
+docker exec -u www-data dezky-zpush php /usr/share/z-push/z-push-admin.php -a list
 ```

 ---