If you’re encountering the following error during your Embedded Cluster installation:
Failed to start: fork/exec <data-dir>/k0s/bin/etcd: permission denied
component=etcd
You’re not alone—this is a known issue that typically arises in environments with a restrictive umask, resulting in improper directory permissions and preventing the etcd binary from executing.
Root Cause
The etcd component cannot start because one or more directories in the <data-dir> path are missing global execute (x) permissions. This usually happens when the system umask is set to a restrictive value (i.e., not the default 0022).
Note:
<data-dir> defaults to /var/lib/embedded-cluster/ unless overridden using the --data-dir flag during installation.
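A read-only check for the condition described above, as an added example (it is not part of Embedded Cluster or its preflight check): it walks up from the data directory and prints each directory whose mode lacks the others-execute bit. The function name and its optional second argument (an ancestor at which to stop the walk) are assumptions of this example.

```sh
#!/bin/sh
# Added example: print every directory on the path to <data-dir> whose mode
# lacks the "others" execute (search) bit. Read-only; it changes nothing.
#
# Usage: dirs_missing_search_bit <data-dir> [<top>]
#   <top> is this example's own optional argument: stop the walk at that
#   ancestor (exclusive). By default the walk stops below /.
# Returns 0 if every directory has o+x, 1 if any lacks it, 2 on bad input.
dirs_missing_search_bit() {
    case $1 in
        /*) ;;
        *) echo "need an absolute path: $1" >&2; return 2 ;;
    esac
    dir=${1%/}      # drop one trailing slash
    top=${2:-/}
    top=${top%/}    # "/" becomes "", which the loop treats as the root
    missing=0
    while [ -n "$dir" ] && [ "$dir" != "$top" ]; do
        if [ ! -d "$dir" ]; then
            echo "not a directory: $dir" >&2
            return 2
        fi
        # -H follows a symlinked component, -prune keeps find on the
        # directory itself, -perm -001 matches only when o+x is set.
        if [ -z "$(find -H "$dir" -prune -perm -001)" ]; then
            echo "$dir"
            missing=1
        fi
        dir=${dir%/*}   # step up to the parent directory
    done
    return "$missing"
}

# When saved as a script and given arguments, run the check directly.
if [ "$#" -gt 0 ]; then
    dirs_missing_search_bit "$@"
fi
```

Each directory it prints is one that needs chmod +x; an empty result with exit status 0 means the path is traversable as far as mode bits are concerned.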
How to Fix
- Reset the Installation

    sudo ./<installer> reset --force

  This will reset the environment and reboot the server.

- Correct Directory Permissions

  Manually ensure that each directory in the <data-dir> path has the global execute permission.

  Example (if <data-dir> is /var/lib/embedded-cluster/):

    sudo chmod +x /var
    sudo chmod +x /var/lib
    sudo chmod +x /var/lib/embedded-cluster/

  Example (if using a custom path like /opt/my-cluster-data):

    sudo chmod +x /opt
    sudo chmod +x /opt/my-cluster-data

  Do not use chmod +x -R / because this applies execute permission recursively and can compromise system security. Only apply +x to the necessary directories in the <data-dir> path.

- Reinstall with Correct umask

    umask 0022
    ./<installer> install --license license.yaml [--data-dir <data-dir>]

- Still Seeing Errors?

  If the issue persists and the cause isn’t clear, please generate a new support bundle and share it with the support team.
Fixed in EC v2.1.3
This issue is resolved in Embedded Cluster v2.1.3, which includes:
- A fix to ensure directory permissions do not block etcd startup.
- A preflight check that validates directory permissions in the <data-dir> path before installation begins.
We recommend upgrading to v2.1.3 if you’re running an earlier version.
Let us know if you have any questions or need help troubleshooting!