USER PROBLEM
^{What is the user experiencing as a result of the bug? Include steps to reproduce.}

• When authentication information (password or API Token) is missing from the roxctl command line or environment, the user faces a confusing error about not being able to write
• sample command: podman run -e ROX_ENDPOINT=localhost:443 -it ${REGISTRY_URL}/advanced-cluster-security/rhacs-roxctl-rhel8:4.8.4 central crs generate abcde1-crs --output -
• returned error: ERROR: obtaining auth information for localhost:443: retrieving token: retrieving config store: creating config store: creating config directory /.roxctl: mkdir /.roxctl: permission denied
•  

CONDITIONS
^{What conditions need to exist for a user to be affected? Is it everyone? Is it only those with a specific integration? Is it specific to someone with particular database content? etc.}

• missing authentication information on the command line

ROOT CAUSE
^{What is the root cause of the bug?}

• roxctl commands that require an established GRPC connection go through the possible authentication information source (user/password, API Token, saved token from roxctl login).
• The default if the first two sources are missing is the saved token from roxctl login
• As roxctl login was not called either, roxctl tries to create the directory where the token is saved, but fails due to lack of permissions

FIX
^{How was the bug fixed (this is more important if a workaround was implemented rather than an actual fix)?}

• Add an input validation step to any roxctl command that needs an authenticated GRPC connection to central, ensuring that a valid authentication source is available (be it password, API token or roxctl login saved token)
• This can be pushed as low in the code layers as allows to have minimal changes for all impacted roxctl commands