zarf-dev / zarf

DevSecOps for Air Gap & Limited-Connection Systems. https://zarf.dev/
Apache License 2.0

Zarf agent deployments security context uses incorrect user / group #3244

Closed AustinAbro321 closed 1 week ago

AustinAbro321 commented 1 week ago

Summary

The agent was recently set with a security context in https://github.com/zarf-dev/zarf/pull/3036, which set the user:group in the container to 1000:2000. However, the user:group should be 65532:65532 as this is the sole nonroot user in the base image cgr.dev/chainguard/static:latest and owner of the executed Zarf binary. This doesn't cause any issues for the regular Zarf init package, but did cause an issue for the ironbank agent, which sets a chmod Zarf file so only the owner can access it.
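The mismatch described in the issue, as an added example that is not code from the issue or from the Zarf project: a small Go check that applies the POSIX owner/group/other selection to a container's `runAsUser`/`runAsGroup` and the binary's ownership. The type names are hypothetical, and the file modes (0755 for the regular image, 0700 for the owner-only binary) are assumptions, since the issue does not state them.

```go
package main

import "fmt"

// SecurityContext holds the two securityContext fields this check needs
// (hypothetical type, not Zarf's or Kubernetes' own).
type SecurityContext struct {
	RunAsUser, RunAsGroup int64
}

// FileMeta is the ownership and permission bits of the binary in the image.
type FileMeta struct {
	UID, GID int64
	Mode     uint32
}

// CanExecute applies POSIX class selection: exactly one of the owner, group
// or other execute bits is consulted, chosen by the first ID that matches.
// Supplementary groups and capabilities are ignored (assumption: none set).
func CanExecute(sc SecurityContext, f FileMeta) bool {
	switch {
	case sc.RunAsUser == f.UID:
		return f.Mode&0o100 != 0
	case sc.RunAsGroup == f.GID:
		return f.Mode&0o010 != 0
	default:
		return f.Mode&0o001 != 0
	}
}

func main() {
	// UID/GID values are from the issue; the file modes are constructed.
	regular := FileMeta{UID: 65532, GID: 65532, Mode: 0o755}   // assumed world-executable
	ownerOnly := FileMeta{UID: 65532, GID: 65532, Mode: 0o700} // assumed owner-only
	contexts := []SecurityContext{
		{RunAsUser: 1000, RunAsGroup: 2000},
		{RunAsUser: 65532, RunAsGroup: 65532},
	}
	for _, sc := range contexts {
		fmt.Printf("%d:%d regular=%v ownerOnly=%v\n", sc.RunAsUser, sc.RunAsGroup,
			CanExecute(sc, regular), CanExecute(sc, ownerOnly))
	}
}
```

A check like this can run in CI against the rendered deployment manifest and the image's file metadata, so a security context that does not match the binary owner is caught before a hardened image tightens the mode.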