Account for umask on isMorePermissive

[lucasmrod]

Tentative fix for #22877, to support different values of umask.

Still waiting for user feedback, thus opening as draft.

Alternative, just document fleetctl package is currently expected to work with umask = 002 (my Ubuntu VMs) or umask = 022 (macOS / most Linux distros).

• Changes file added for user-visible changes in changes/, orbit/changes/ or ee/fleetd-chrome/changes.
  See Changes files for more information.
• Added/updated tests
• Manual QA for all new/changed functionality
• For Orbit and Fleet Desktop changes:
  • Orbit runs on macOS, Linux and Windows. Check if the orbit feature/bugfix should only apply to one platform (runtime.GOOS).
  • Manual QA must be performed in the three main OSs, macOS, Windows and Linux.
  • Auto-update manual QA, from released version of component to new version (see tools/tuf/test).

[iansltx]

Given that this involvse finicky file system stuff, probably best to add tests for both getUmask and isMorePermissive, in part to document expected behavior. I can kind of follow what's going on here but there are enough layers between the existing tests and the changed methods that something closer to unit tests would be helpful here.

[lucasmrod]

Given that this involvse finicky file system stuff, probably best to add tests for both getUmask and isMorePermissive, in part to document expected behavior. I can kind of follow what's going on here but there are enough layers between the existing tests and the changed methods that something closer to unit tests would be helpful here.

I think I'll move towards documenting that currently supported umask values for fleetctl package are 002/022 (default for most Linux distros and macOS).

What was the correct place to document this kind of thing?

[iansltx]

Maybe here: https://fleetdm.com/guides/enroll-hosts#cli, or elsewhere on that page

[lucasmrod]

Closing in favor of #23120 (documenting requirement for now, to reduce complexity/risk).