diff --git a/CHANGELOG.md b/CHANGELOG.md
index f205a282..1d9e9a2e 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -13,6 +13,11 @@ All notable changes to this project will be documented in this file. The format
 - **Internal:**
   - [`DMS_CONFIG_POLL`](https://docker-mailserver.github.io/docker-mailserver/v15.0/config/environment/#dms_config_poll) supports adjusting the polling rate (seconds) for the change detection service `check-for-changes.sh` ([#4450](https://github.com/docker-mailserver/docker-mailserver/pull/4450))
 
+### Fixes
+
+- **Internal:**
+  - The DMS _Config Volume_ (`/tmp/docker-mailserver`) will now ensure it's file tree is accessible for services when the volume was created with missing executable bit ([#4487](https://github.com/docker-mailserver/docker-mailserver/pull/4487))
+
 ### Updates
 
 - **Documentation:**
diff --git a/target/scripts/startup/setup-stack.sh b/target/scripts/startup/setup-stack.sh
index eb340a7b..ad4ba883 100644
--- a/target/scripts/startup/setup-stack.sh
+++ b/target/scripts/startup/setup-stack.sh
@@ -104,6 +104,12 @@ function _setup_directory_and_file_permissions() {
     chown -R _rspamd:_rspamd "${RSPAMD_DMS_DKIM_D}"
   fi
 
+  # Parent directories must have the executable bit set to descend the file tree for access,
+  # as each service in the container running as a non-root user requires this to access any subpath,
+  # `/tmp/docker-mailserver` must allow all users `+x` (notably required for `_rspamd` user read access):
+  local DMS_CONFIG_DIR=/tmp/docker-mailserver
+  chmod +x "${DMS_CONFIG_DIR}"
+
   __log_fixes
 }