Story
Resolution: Unresolved
Minor
This issue is intended to keep track of https://github.com/coreos/ignition/issues/1301 for the purpose of maintaining behavioral parity between the MCO and Ignition.
The following bug (https://bugzilla.redhat.com/show_bug.cgi?id=2038240) was opened to address previously unknown behavior around special file modes.
To summarize: When a file's mode is changed with os.Chmod(), only the first 9 bits (owner, group, other / read, write, execute) are applied to the file. In particular, special file mode bits such as the sticky bit, setuid, and setgid are discarded. For example, if one tries to set mode 01755 on a file, the file will have mode 0755 set. This causes the MCO config drift detection to flag a file with mode 01755 as different because the file on disk has mode 0755. For this reason, https://github.com/openshift/machine-config-operator/pull/2910 was opened to validate that the user is not trying to set a special file mode.
At the time of this writing, Ignition does not set special file mode bits and does not provide a warning. Because the MCO tries to keep behavioral parity with Ignition (for the subset of Ignition that MCO supports), adding file mode validation to the MCO is a divergence of that behavior. Once the Ignition bug is addressed, the MCO should be updated similarly, if needed.
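The behavior summarized above can be reproduced with the following added example, which is not code from the MCO or Ignition. The names HasSpecialBits, ToFileMode and ChmodAndStat are hypothetical; the example assumes a Linux host and shows both a validation check for special bits and the mapping onto Go's os.FileMode flags that os.Chmod() honors.

```go
package main

import (
	"fmt"
	"os"
)

// HasSpecialBits reports whether a Unix octal mode, as written in a file
// entry, requests setuid (04000), setgid (02000) or sticky (01000).
func HasSpecialBits(unixMode uint32) bool { return unixMode&0o7000 != 0 }

// ToFileMode maps a Unix octal mode onto os.FileMode, where the special bits
// are separate high flag bits rather than living at 0o7000.
func ToFileMode(unixMode uint32) os.FileMode {
	m := os.FileMode(unixMode & 0o777)
	flags := map[uint32]os.FileMode{
		0o4000: os.ModeSetuid, 0o2000: os.ModeSetgid, 0o1000: os.ModeSticky,
	}
	for bit, flag := range flags {
		if unixMode&bit != 0 {
			m |= flag
		}
	}
	return m
}

// ChmodAndStat applies mode to a fresh temp file and returns the on-disk mode.
func ChmodAndStat(mode os.FileMode) (os.FileMode, error) {
	f, err := os.CreateTemp("", "modecheck-*")
	if err != nil {
		return 0, err
	}
	defer os.Remove(f.Name())
	defer f.Close()
	if err := os.Chmod(f.Name(), mode); err != nil {
		return 0, err
	}
	info, err := os.Stat(f.Name())
	if err != nil {
		return 0, err
	}
	return info.Mode(), nil
}

func main() {
	raw, _ := ChmodAndStat(os.FileMode(0o1755)) // direct cast: sticky bit is dropped
	mapped, _ := ChmodAndStat(ToFileMode(0o1755))
	fmt.Printf("raw=%v mapped=%v special=%v\n", raw, mapped, HasSpecialBits(0o1755))
}
```

A drift check that compares the requested 01755 against the on-disk mode from the direct cast sees 0755 and reports a mismatch, which is the situation the validation is meant to catch up front.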