Though, reading the implementation… 1. I’m not convicned the database files should be writable by the osquery group 2. umask in the init script feels weird. Can we do this in the code?

Yes we can implement the umasking-behavior in code but it seems OK that it's in the systemd unit. Perhaps the only issue is the init script?

My comment applies to systemd, and init equally.

It's a feature of an exec unit in systemd (thus I am assuming it's expected) https://www.freedesktop.org/software/systemd/man/systemd.exec.html

What about the next thing? It feels like it’s adding some logic to the start script. which feels weird. It also means that the socket and the db files have the same meaning

expected = a thing that happens maybe

This is all a weak objection. If people would rather have osquery just respect umask, I’m super opposed. Mostly just feels weird.

Exactly the opposite. Clearly too distracted. If people want to just respect umask. I’m onboard.

ah ok 🙂

FYI you want @-here, @-channel gets idle people too.