Document umask requirement for fleetctl package
#23120
Conversation
| @@ -27,6 +27,8 @@ The `--type` flag is used to specify the fleetd installer type. | |||
|
|
|||
| A `--fleet-url` (Fleet instance URL) and `--enroll-secret` (Fleet enrollment secret) must be specified in order to communicate with Fleet instance. | |||
|
|
|||
| > `fleetctl` on macOS/Linux requires `umask` to be `022`/`002` and `/tmp` (used during package generation) has to be mounted without `noexec`. | |||
There was a problem hiding this comment.
umaskto be022/002/tmp(used during package generation) has to be mounted withoutnoexec
@lucasmrod are these defaults for macOS/Linux? If yes, I think we can remove these from the docs. I think it makes using fleetctl seem harder than it needs to be.
If not, what action does the user have to take to make sure they have these?
There was a problem hiding this comment.
are these defaults for macOS/Linux?
Probably the default for macOS.
Linux is a big world, but seems to be the case for most distros.
If not, what action does the user have to take to make sure they have these?
- Set
umaskto the supported values by runningumask 022. - Make sure where /tmp was mounted does not have
noexec.
Do we want a PR to revert this change?
There was a problem hiding this comment.
Hmm, I think so. If we're confident it's the default I think most users won't need to know.
I opened a PR here: #23151
That said, please keep up the guide edits!
There was a problem hiding this comment.
Sounds good.
Feel free to add a comment on #22877.
Remove note b/c these are the defaults for macOS and Linux: #23120 (comment)
Remove note b/c these are the defaults for macOS and Linux: #23120 (comment)
Remove note b/c these are the defaults for macOS and Linux: #23120 (comment)
Documentation for #22877.