Apply suggestions from code review

Co-authored-by: Olivier Vielpeau <olivielpeau@users.noreply.github.com>

pkg/secrets/check_rights_nix.go

@@ -61,7 +61,7 @@ func checkGroupPermission(stat *syscall.Stat_t, usr *user.User, userGroups []str
 	if fmt.Sprintf("%d", stat.Uid) == usr.Uid {
 		isUserFile = true
 	}
-	// If the file is not own by the user, lets check for on of his groups
+	// If the file is not owned by the user, let's check for one of his groups
 	if !isUserFile {
 		var isGroupFile bool
 		for _, userGroup := range userGroups {
@@ -76,7 +76,7 @@ func checkGroupPermission(stat *syscall.Stat_t, usr *user.User, userGroups []str
 
 		// Check that *group* can at least exec.
 		if stat.Mode&(syscall.S_IXGRP) == 0 {
-			return fmt.Errorf("invalid executable: '%s' is not readable or executable by group", path)
+			return fmt.Errorf("invalid executable: '%s' is not executable by group", path)
 		}
 	}
 

pkg/secrets/check_rights_nix_test.go

@@ -56,7 +56,7 @@ func TestGroupOtherRights(t *testing.T) {
 
 	allowGroupExec = true
 
-	// event if allowGroupExec=true, group may have no permission
+	// even if allowGroupExec=true, group may have no permission
 	require.Nil(t, os.Chmod(tmpfile.Name(), 0700))
 	require.Nil(t, checkRights(tmpfile.Name(), allowGroupExec))
 

releasenotes-dca/Add-Group-exec-perm-for-the-SecretBackend-command-a7fbe1ece1fad50b.yaml

@@ -2,7 +2,7 @@
 enhancements:
   - |
     Add new configuration parameter to allow 'GroupExec' permission on the secret-backend command.
-    Set to 'true' the new parameter 'secret_backend_command_allow_group_exec_perm' to activate it.
+    The new parameter ('secret_backend_command_allow_group_exec_perm') is now enabled by default in the cluster-agent image.
 fixes:
   - |
     Fix 'readsecret.sh' permission in Cluster-Agent dockerfiles that removes `other` permission.