Consul data file permissions

It looks like the Consul data files are created using 600 permissions. Is there a capability to specify an alternative file permission (e.g. 660)?

The context for my question is the desire to use kubernetes runAsUser to start Consul with the data files on a persistent volume.

We’d like to be able to change the runAsUser without encountering “permission denied” errors due to file permissions on a system whose securityContext which is not privileged and does not allow privilege escalation.

        securityContext:
          allowPrivilegeEscalation: false
          privileged: false

Hey @domelz,

We tried recreating this scenario locally using the consul-helm template and updating the podSpec on the StatefulSet for the Consul Server. We experimented with changing the fsGroup/runAsUser/runAsGroup but were unable to reproduce a scenario where we ran into a “permission denied” situation on the consul data files.

Could you provide us with a config or reproduction steps so that we could recreate this scenario locally and understand it further?

Thanks!