Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Document umask requirement for fleetctl package #23120

Merged
merged 1 commit into from
Oct 23, 2024
Merged

Document umask requirement for fleetctl package #23120

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
2 changes: 2 additions & 0 deletions articles/enroll-hosts.md
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -27,6 +27,8 @@ The `--type` flag is used to specify the fleetd installer type.

A `--fleet-url` (Fleet instance URL) and `--enroll-secret` (Fleet enrollment secret) must be specified in order to communicate with Fleet instance.

> `fleetctl` on macOS/Linux requires `umask` to be `022`/`002` and `/tmp` (used during package generation) has to be mounted without `noexec`.
Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

  • umask to be 022/002
  • /tmp (used during package generation) has to be mounted without noexec

@lucasmrod are these defaults for macOS/Linux? If yes, I think we can remove these from the docs. I think it makes using fleetctl seem harder than it needs to be.

If not, what action does the user have to take to make sure they have these?

Copy link
Member Author

@lucasmrod lucasmrod Oct 23, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

are these defaults for macOS/Linux?

Probably the default for macOS.
Linux is a big world, but seems to be the case for most distros.

If not, what action does the user have to take to make sure they have these?

  • Set umask to the supported values by running umask 022.
  • Make sure where /tmp was mounted does not have noexec.

Do we want a PR to revert this change?

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Hmm, I think so. If we're confident it's the default I think most users won't need to know.

I opened a PR here: #23151

That said, please keep up the guide edits!

Copy link
Member Author

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Sounds good.

Feel free to add a comment on #22877.


#### Example

Generate fleetd on macOS (.pkg)
Expand Down
Loading