consider setting `umask` for build and/or runtime

[nitzmahone]

Default umask doesn't allow root group write permissions- to be most friendly with ephemeral use cases, it probably should...

There's no built-in way I'm aware of to have a umask setting persist through a build in Containerfile-style builds (it can be done in buildah imperative builds, but that's a much larger conversation), and rewriting all the tasks to inject a umask into the process chain for every build step that might need it is ... prohibitve. It could be done in the default builder entrypoint script for runtime needs, which may solve a small class of problems, but ensuring that default file-permissions are set properly during build-time (+rw on files and +rwx on dirs for both owner and group) is the much more important need to solve.

[Alfa21tpp]

Hello @nitzmahone , I found a glitch I'm not sure if it's related to umask but in V3.0.0 the script "entrypoint" is rwx--x--x

When I run a custom EE built with entrypoint and dumb-init (the default options) I get a permission denied error.

As a workaround I found this solution: in execution-environment.yml as last thing of the section "append_final:" put a line like " - RUN chmod g+rx /opt/builder/bin/entrypoint"