docker-traefik
Why does execute in the "root" group have to be set for docker to use the secrets directory?
I was following the smarthome beginner security practices when I noticed my secrets directory didn't have a rw owner-only permission set. I followed the chmod on it, recursively, for 600, and this was the result when trying to start traefik:
WARNING: Service "traefik" uses an undefined secret file "/home/USER/docker/secrets/cloudflare_email", the following file should be created "/home/USER/docker/secrets/cloudflare_email"
WARNING: Service "traefik" uses an undefined secret file "/home/USER/docker/secrets/cloudflare_api_key", the following file should be created "/home/USER/docker/secrets/cloudflare_api_key"
I believe this comes from incorrect permissions. It persists no matter what permissions I set for read/write permissions. I have to have executable root group permission in order for docker to be able to use the directory.
I have been experimenting with different combinations of permissions. Using a root:root ownership, the MINIMUM permission for me is 770 on the secrets directory, while all of the docker secrets key files inside can be 600.
This is contrary to what the guide said. Does anyone have any insight? Thank you
Sorry to add nothing but "me too" on this issue. I am baffled that I haven't found more search hits on this topic.
If you update to docker compose V2 then this resolves the issue.
https://docs.docker.com/compose/cli-command/
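Added example, not from the thread or the guide: on Linux the execute bit on a directory is the search permission, so a recursive `chmod 600` on a secrets directory leaves its files unreachable by path for any non-root process even though the files themselves are readable by their owner. The functions below (hypothetical names; GNU `stat` and a flat secrets directory are assumed) audit for that condition and reset the modes, with the directory mode as an optional second argument.

```shell
#!/bin/sh
# Added example; function names are hypothetical. Assumes GNU stat (-c '%a').

# True if the owner execute (search) bit is set in octal mode $1.
has_owner_search() {
    owner=$(( ($1 / 100) % 10 ))
    [ $(( owner % 2 )) -eq 1 ]
}

# Print findings for a flat secrets directory. Returns 0 if clean, 1 otherwise.
audit_secrets_dir() {
    dir=$1; rc=0
    dmode=$(stat -c '%a' "$dir") || return 2
    if ! has_owner_search "$dmode"; then
        echo "DIR  $dir mode $dmode: no search (x) bit, paths inside cannot be resolved"
        return 1    # children cannot be inspected without the search bit
    fi
    for f in "$dir"/*; do
        [ -f "$f" ] || continue
        fmode=$(stat -c '%a' "$f")
        if [ $(( fmode % 100 )) -ne 0 ]; then
            echo "FILE $f mode $fmode: accessible beyond the owner"
            rc=1
        fi
    done
    return $rc
}

# Directory gets $2 (default 700), regular files get 600.
fix_secrets_dir() {
    dir=$1; dirmode=${2:-700}
    chmod "$dirmode" "$dir" || return 1   # restore search first so files are reachable
    find "$dir" -type f -exec chmod 600 {} +
}

demo() {
    d=$(mktemp -d) || return 1
    printf 'user@example.com\n' > "$d/cloudflare_email"   # constructed sample secret
    chmod 600 "$d/cloudflare_email"
    chmod 600 "$d"                                        # net effect of chmod -R 600
    audit_secrets_dir "$d" && before=0 || before=$?
    fix_secrets_dir "$d"
    audit_secrets_dir "$d" && after=0 || after=$?
    echo "audit before=$before after=$after dir=$(stat -c '%a' "$d")"
    rm -rf "$d"
}
demo
```

Passing `770` as the second argument to `fix_secrets_dir` gives the directory mode reported in the question while keeping the key files at 600.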