We're going through the unbelievably fun process of implementing OpenSCAP auditing on our AlmaLinux 9 hosts. One of the fail flags we're hitting is
"Ensure All World-Writable Directories Are Owned by root User"
which is failing on /var/lib/condor/spool/local_univ_execute and /var/lib/condor/execute, both of which are 1777 condor:condor.
So, doing due diligence, I have to ask if these need to have those permissions.
: || lvd@gertrude ~ [1027] ; rpm -qf /var/lib/condor/spool/local_univ_execute /var/lib/condor/execute
file /var/lib/condor/spool/local_univ_execute is not owned by any package
condor-24.6.1-1.el9.x86_64
My suspicion is the answer is yes they do - though I'm darned if I know why - since changing them to be root:condor causes the host to stop accepting jobs. I'd love to know why that is the case, though.
thanks,
nomad
-- CHSCC work days are Mondays, Tuesdays, and every other Wednesday.
BITE work days are Thursdays, Fridays, and the other Wednesdays.